-----BEGIN PGP SIGNED MESSAGE-----


I've confirmed this behavior, though I never had the problem because
my custom /etc/profile doesn't work this way.

Follow this post's recommendation for a quick fix.
- -d

- ---------- Forwarded message ----------
Date: Fri, 20 Apr 2001 15:41:05 -0500
From: Drew Jones <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Redhat 7 insecure umask

Problem:
  Users of Redhat 7 may have their umask set insecurely while acting as root.

Severity:
  Medium/Low

Description:
  The Redhat useradd script creates a group for the new user with the same
name as the username by default.  When the user logs in, any shell that uses
/etc/profile will set the umask to 002 if the user's username and groupname
match and their uid is greater than 14.  If the user then issues su to become
root without specifying the -l option, the root account inherits the umask of
002.  As root, the user may then create files with somewhat insecure permissions.
Redhat seemed to understand that system users should have a umask of 022,
because /etc/profile will set the umask that way for users logging in with a
uid less than 14, but they forgot about su.

The offending lines in /etc/profile:
...
if [ `id -gn` = `id -un` -a `id -u` -gt 14 ]; then
        umask 002
else
        umask 022
fi
...

The fix:
  Get rid of the if-statement in /etc/profile and replace it with
'umask 022' (no quotes).


Andrew Jones
- -------------
Computer Science and Physics student at the University of Northern Iowa

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8
Comment: Made with pgp4pine 1.75-6

-----END PGP SIGNATURE-----




_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
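
An audit sketch for the behavior reported in the thread above, added here as an example and not part of the original messages: it flags a profile script that sets umask 002, shows that a child shell started without a login profile (the plain "su" case) inherits that value, and prints the resulting file modes. The function names and the sample profile files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Sample profiles are constructed.

# Succeeds if the given profile script contains a group-writable umask setting.
profile_sets_umask_002() {
    grep -Eq '^[[:space:]]*umask[[:space:]]+0?002([[:space:]]|$)' "$1"
}

# umask seen by a child shell started without a login profile, which is
# the situation after plain "su" (no -l): the value is simply inherited.
inherited_umask() {
    ( umask "$1"; sh -c 'umask' )
}

# Permission string of a file newly created under the given umask.
mode_under_umask() {
    d=$(mktemp -d) || return 1
    ( umask "$1"; : > "$d/f" )
    ls -l "$d/f" | cut -c1-10
    rm -rf "$d"
}

# Constructed copies of the profile logic: as quoted in the post, and after the fix.
write_samples() {
    cat > "$1/profile.orig" <<'EOF'
if [ `id -gn` = `id -un` -a `id -u` -gt 14 ]; then
        umask 002
else
        umask 022
fi
EOF
    echo 'umask 022' > "$1/profile.fixed"
}

demo() {
    t=$(mktemp -d) || return 1
    write_samples "$t"
    for f in profile.orig profile.fixed; do
        if profile_sets_umask_002 "$t/$f"; then echo "$f: sets umask 002"
        else echo "$f: ok"; fi
    done
    echo "child shell after 'umask 002': $(inherited_umask 002)"
    echo "new file under 002: $(mode_under_umask 002)"
    echo "new file under 022: $(mode_under_umask 022)"
    rm -rf "$t"
}
demo
```

To check a live system, call profile_sets_umask_002 /etc/profile and compare the output of "umask" in a shell reached through plain su with one reached through su -l.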
