Package: libpam-modules Version: 1.1.3-4 Severity: normal During holding a training about Linux basics, chapters users & permissions, I revisited the issue on how to set the umask on Debian.
I knew it should be set via pam_umask. I did it this way to set umask 002 for our Linux workstations. Today I grepped for other locations and found: root@vm6601a:/etc# grep umask * login.defs:# UMASK Default "umask" value. login.defs:# UMASK is the default umask value for pam_umask and is used by login.defs:# Other former uses of this variable such as setting the umask when ltrace.conf:octal umask(octal); ltrace.conf:octal SYS_umask(octal); profile:# The default umask is now handled by pam_umask. profile:# See pam_umask(8) and /etc/login.defs. Then I went the way recommended by the comments in profile. But it doesn´t work, the setting for UMASK is not respected for logins on tty as well as via SSH or KDM: root@vm6601a:~# grep "^UMASK" /etc/login.defs UMASK 002 root@vm6601a:~# umask 0022 (That is after a reboot of the virtual machine.) On SLES 11 setting umask in /etc/login.defs has the desired effect. I bet this is due to vm6601b:/etc/pam.d # grep umask * common-session:session optional pam_umask.so common-session.pam-config-backup:session optional pam_umask.so common-session-pc:session optional pam_umask.so for SLES 11 versus root@vm6601a:/etc/pam.d# grep -i umask * root@vm6601a:/etc/pam.d# for Debian Squeeze or merkaba:/etc/pam.d> grep -i umask * merkaba:/etc/pam.d#1> for the Debian Sid laptop I am reporting this from. Expected results: Setting umask in /etc/login.defs works as advertised in /etc/profile. Actual results: Setting umask there has no effect. Related bugs: Personal groups should result in umask 002 by default http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=643560 Possible work-around for Squeeze: For Squeeze add a hint to /etc/profile that pam_umask needs to be configured first. I would prefer pam_umask configuration to be added tough. Thanks, Martin Steigerwald -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (120, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.0.0-2-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages libpam-modules depends on: ii debconf [debconf-2.0] 1.5.41 ii libc6 2.13-21 ii libdb5.1 5.1.25-11 ii libpam-modules-bin 1.1.3-4 ii libpam0g 1.1.3-4 ii libselinux1 2.1.0-1 libpam-modules recommends no packages. libpam-modules suggests no packages. -- debconf information: libpam-modules/disable-screensaver: -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org