On 04/03/2016 08:05 PM, Boruch Baum wrote: > > 1] /etc/default/useradd. I don't know that I have easy access to a > default debian image or /etc/default/useradd file in order to compare > with my expectations, which were: > > HOME=/home > INACTIVE=-1 > SHELL=/bin/bash > SKEL=/etc/skel > CREATE_MAIL_SPOOL=yes >
My wheezy and squeeze are the same, with the addition of "EXPIRE=". > 2] /etc/profile > > 2.2] umask. This was a shocker, security-wise. The default umask is set > to 022 instead of the better 027 or, my preference, 077. My memory is > that on other systems on which I've seen the command seemingly > hard-coded for 022, the fix to 027 or 077 was placed in this file. > 022 is standard for Debian. From man pam_umask: "Add the following line to /etc/pam.d/login to set the user specific umask at login: session optional pam_umask.so umask=0022" Or set it to what you want. -fsr _______________________________________________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng