Your message dated Wed, 19 May 2010 16:47:40 -0700
with message-id <[email protected]>
and subject line Re: Bug#581984: libpam-modules: pam_umask only uses
UPG-appropriate umask if uid==gid
has caused the Debian Bug report #581984,
regarding libpam-modules: pam_umask only uses UPG-appropriate umask if uid==gid
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
581984: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=581984
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libpam-modules
Version: 1.1.1-3
Severity: normal
If usergroups is passed as an option, pam_umask compares numeric uid
with numeric gid as an initial test to determine whether the umask group
bits should be set to match the umask user bits. When User Private
Groups are being used, there is no guarantee that uid==gid, and in fact
it is often the case that uid!=gid, so this test should be removed.
See http://lists.debian.org/debian-devel/2010/05/msg00463.html and other
messages in that thread for discussion of this.
...Marvin
--- End Message ---
--- Begin Message ---
Hi Marvin,
On Mon, May 17, 2010 at 10:00:52AM -0400, Marvin Renich wrote:
> Package: libpam-modules
> Version: 1.1.1-3
> Severity: normal
> If usergroups is passed as an option, pam_umask compares numeric uid
> with numeric gid as an initial test to determine whether the umask group
> bits should be set to match the umask user bits. When User Private
> Groups are being used, there is no guarantee that uid==gid, and in fact
> it is often the case that uid!=gid, so this test should be removed.
> See http://lists.debian.org/debian-devel/2010/05/msg00463.html and other
> messages in that thread for discussion of this.
I don't think this is a point on which we should diverge from the upstream
behavior; this is obviously a security-sensitive option, and if upstream
believes the current behavior is the correct one, I don't want admins
familiar with other distributions to be unpleasantly surprised that using
this option on Debian results in a more relaxed umask than they expected.
I'm therefore closing this bug as "wontfix", but you are welcome to report
this upstream at
<https://sourceforge.net/tracker/?group_id=6663&atid=106663>.
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer http://www.debian.org/
[email protected] [email protected]
signature.asc
Description: Digital signature
--- End Message ---
