On Tue, 2022-03-08 at 12:29 -0700, Sam Hartman wrote: > > > > > > Take a look at https://salsa.debian.org/vorlon/pam/-/merge_requests/3 > > According to the history of that patch, we have some old consensus to > move toward usergroups and a default umask of 0002 (except for root > which gets 0022).
On systems that don't use usergroups for all/some users, doesn't this change make all files writable by other users by default? That would seem like a very unsecure change on upgrades (or as a default). (Though I think the current world-readable by default is already quite bad. It seems like a unsafe choice on both single-user and multi-user systems...) Ansgar