Package: libpam-modules
Version: 1.1.8-3.1+deb8u1+b1
Severity: minor
Dear Maintainer,
The description of 'man pam_umask' is completely wrong. It says the following:
"
The PAM module tries to get the umask value from the following places
in the following order:
· umask= argument
· umask= entry in the user's GECOS field
· UMASK= entry from /etc/default/login
· UMASK entry from /etc/login.defs
"
It is not this order at all. I tested experimentally and the real order of
checking is this:
1. umask= entry in the user's GECOS field
2. umask= argument (to pam_umask.so)
3. UMASK entry from /etc/login.defs
4. UMASK= entry from /etc/default/login
such that GECOS has top priority and /etc/default/login is almost useless.
I checked the pam_umask source code and it confirm my experiment:
"
/* Parse parameters for module [ this is umask= arg] */
for ( ; argc-- > 0; argv++)
parse_option (pamh, *argv, options);
if (options->umask == NULL)
options->umask = search_key (LOGIN_DEFS);
if (options->umask == NULL)
options->umask = search_key (LOGIN_CONF);
"
[ and GECOS override all this later ]
Thank you
-- System Information:
Debian Release: 8.4
APT prefers stable-updates
APT policy: (990, 'stable-updates'), (990, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.4.8-grsec-custom (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages libpam-modules depends on:
ii debconf [debconf-2.0] 1.5.56
ii libaudit1 1:2.4-1+b1
ii libc6 2.19-18+deb8u4
ii libdb5.3 5.3.28-9
ii libpam-modules-bin 1.1.8-3.1+deb8u1+b1
ii libpam0g 1.1.8-3.1+deb8u1+b1
ii libselinux1 2.3-2
libpam-modules recommends no packages.
libpam-modules suggests no packages.
-- debconf information excluded
