On Tuesday 23 September 2008, Ovid wrote: > --- On Tue, 23/9/08, Shlomi Fish <[EMAIL PROTECTED]> wrote: > > The default Mandriva umask appears to be 0002 . > > That surprised me, so I googled "default mandriva umask". All the > references I found say the default umask is 0022 ... unless ... > > Mandriva offers a tool to control security settings. It's called "Msec": > > http://wiki.mandriva.com/en/Msec > http://is.gd/2Zzk > > Msec offers 7 security levels. Level 0 ("The user should not be allowed to > own a computer") is very insecure (not even a password), and Level 6 comes > with its own tinfoil hat. As it turns out, those different security levels > correspond to different umasks, as detailed here: > > http://www.brunolinux.com/07-Security/Mandriva_Security_Settings.html > http://is.gd/2Zzn > > The only levels which provide a default umask of 0002 are levels 0 and 1, > both of which are *NOT* recommended, but if that's what you say your > default is, I can only wonder how, exactly, you managed to get your system > in that state. (In fact, distributions generally default to level 3, which > has a default umask of 0022.)
My /etc/sysconfig/msec reads: {{{{{{{{{ UMASK_ROOT=022 SECURE_LEVEL=3 UMASK_USER=022 TMOUT=0 }}}}}}}}} So it should be OK, but it's not. Even if I login from the console as a different user, for which I did not set the umask explicitly. I see he has a umask of 0002. Maybe it's the doing of one of the files in /etc. > > Of course, even as Eric pointed out, a umask of 0002 still masks the world > writeable permissions, so I still don't see how you're getting there and if > you've configured your system to give *you* a umask of 0022, then you still > shouldn't be getting the warnings you're getting. I don't understand how > this arose, but I'd be curious to find out how. OK. I'll investigate. Regards, Shlomi Fish ----------------------------------------------------------------- Shlomi Fish http://www.shlomifish.org/ What Makes Software Apps High Quality - http://xrl.us/bkeuk Shlomi, so what are you working on? Working on a new wiki about unit testing fortunes in freecell? -- Ran Eilam