Hi! On Fri, Apr 15, 2005 at 07:12:33PM +0200, Christian Perrier wrote: > ==================================================== > The default UMASK value 022 is insecure for default Debian installation. > I suggest using more strict 027 in /etc/login.defs
For what? The default is there for years. Who wants will change that him/herself. > Indeed, even when I change this setting in /etc/login.defs, I still > get a OO22 umask. > > Is the setting in /etc/login.defs still used or do I again miss some > PAM magic here? No, the matter is much more simple. The umask is also frequently set in shell rc scripts. Look into .bashrc, .bash_profile, .profile and so on including system-wide files (especially /etc/profile ;)). Here we have a problem of keeping a single setting in a bunch of different places, while there should be exactly two -- system-wide PAM plus per-user PAM (currently there is no such module in existence). -- WBR, xrgtn -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]