Re: UMASK 002 or 022?

2017-06-30 Thread Michael Lustfield
I personally prefer a global 0027, but I've heard arguments for 0077.

I also did a quick web search and found wiki pages meant to discuss the
default. I imagine the most helpful course of action would be to read
through the existing discussions and then contribute facts that haven't
been shared... ideally without the emotions and opinions present here.

I never read anywhere that a form decision was made, just that there hasn't
been cause for change.

My preference of 0027 doesn't make sense for the typical family. Their
default doesn't make sense for me.

I got the impression this was never changed because people that care
can do a search for how to change it, change it, and no longer care. I use
configuration management to set it and haven't thought about it again.


Re: UMASK 002 or 022?

2017-06-30 Thread Simon Richter
Hi,

On 30.06.2017 20:41, gwmf...@openmailbox.org wrote:

> When the average user cannot change the umask

Changing the umask is the wrong fix. The correct solution is to set the
permissions of the home directory to 751, once.

   Simon
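
What the 751 suggestion above changes in practice, as an added example that is not from any poster in this thread: a shell sketch that builds a throwaway tree standing in for a home directory and classifies, from the mode bits alone, what an unrelated account could do with a file in it. The names `alice` and `Documents/taxes.txt` and all helper functions are constructed; it assumes GNU `stat` and ignores ACLs and group membership.

```shell
#!/bin/sh
# Constructed sandbox: "alice" and "Documents/taxes.txt" are made-up names.
# Assumes GNU stat; classic mode bits only (no ACLs, no group membership).

# other_digit PATH -> the "other" permission digit (0-7) of PATH
other_digit() { echo $(( $(stat -c '%a' "$1") % 10 )); }

# make_home UMASK HOME_MODE -> path of a throwaway home created under UMASK
make_home() {
    root=$(mktemp -d) || return 1
    ( umask "$1"
      mkdir "$root/alice" "$root/alice/Documents"
      : > "$root/alice/Documents/taxes.txt" )
    chmod "$2" "$root/alice"
    echo "$root/alice"
}

# other_access HOME FILE -> what an unrelated account can do with FILE:
#   list        can browse from HOME down to FILE and read it
#   known-path  cannot list some directory, but can open FILE by exact path
#   none        cannot read FILE at all
other_access() {
    home=$1; file=$2; listable=yes
    [ $(( $(other_digit "$file") & 4 )) -ne 0 ] || { echo none; return; }
    dir=$(dirname "$file")
    while :; do
        d=$(other_digit "$dir")
        [ $(( d & 1 )) -ne 0 ] || { echo none; return; }  # no search bit
        [ $(( d & 4 )) -ne 0 ] || listable=no              # no read bit
        if [ "$dir" = "$home" ] || [ "$dir" = / ]; then break; fi
        dir=$(dirname "$dir")
    done
    if [ "$listable" = yes ]; then echo list; else echo known-path; fi
}

# report UMASK HOME_MODE -> "UMASK HOME_MODE RESULT"
report() {
    h=$(make_home "$1" "$2") || return 1
    r=$(other_access "$h" "$h/Documents/taxes.txt")
    rm -rf "$(dirname "$h")"
    echo "$1 $2 $r"
}

for combo in "022 755" "022 751" "022 750" "027 755"; do
    report $combo
done
```

With the home directory at 751 it can no longer be listed, but a 644 file under it is still openable by exact path because the search bit remains set for others; 750 on the home directory, or a umask of 027, removes that access as well.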






Re: UMASK 002 or 022?

2017-06-30 Thread Quick web search
On Fri, Jun 30, 2017 at 02:41:22PM -0400, gwmf...@openmailbox.org wrote:
> On 2017-06-30 12:05, Holger Levsen wrote:
> >On Fri, Jun 30, 2017 at 11:56:37AM -0400, gwmf...@openmailbox.org
> >wrote:
> >>Ultimately, it wouldn't be as big a deal if it was possible to
> >>change the
> >>default umask for the gnome-session in Debian Stretch.
> >
> >the fact that it's impossible for you, doesn't mean it's impossible
> >for everyone.
> >
> >sorry, but this had to be said, you are repeating this nonsense.
> >if you need
> >help changing this, try debian-u...@lists.debian.org or get paid
> >support.
> >
> >this list is for the development of debian, thanks.
> 
> 
> When the average user cannot change the umask, it becomes a higher
> priority that the default umask reflect everyday usage (which is
> what this thread is about--the development of debian and discussing
> why debian still uses a default whose rationale has arguably long
> passed). The statement you disparage has bearing on the discussion of
> the default as the discussion is now of more concern considering
> things like this crop up.
> 
> Since you brought the issue up: other debian lists provided no help
> in finding a workaround. I don't see you volunteering any info on
> how to workaround the problem. So how do I know it's not impossible?
> I've spoken with another developer elsewhere and he didn't know a
> fix. But the statement you disparage was not asking for a workaround
> but was a comment on the larger user base not having a mechanism for
> effecting this change.
> 
> I don't feel your comments were warranted or helpful. The statement
> you disparage is not "nonsense" for the average debian user. I
> imagine you are much more skilled with computers than the average
> user. I don't want my statements to upset or misrepresent and did
> not intend this. But having input from someone who is not a
> developer per se can be helpful and informative to discussions like
> this.
> 
> It strikes me that the community does not care about this issue,
> that the "old" way of doing it is the preferred way even though its
> original rationale has long since passed and is no longer relevant.
> And apparently at least some view me as not knowledgeable enough to
> be discussing this topic with you in this forum considering I do not
> know how to work around the problem myself (but even if I did that
> would still not address the larger subject of this thread).
> 
> So signing off. I'll leave my previous emails for the record in the
> hope that they are given consideration by the community. I do
> appreciate having the opportunity to be heard and the feedback
> received.
> 

https://unix.stackexchange.com/questions/254378/how-to-set-umask-for-the-entire-gnome-session



Re: UMASK 002 or 022?

2017-06-30 Thread gwmfms6

On 2017-06-30 12:05, Holger Levsen wrote:
> On Fri, Jun 30, 2017 at 11:56:37AM -0400, gwmf...@openmailbox.org wrote:
>> Ultimately, it wouldn't be as big a deal if it was possible to change the
>> default umask for the gnome-session in Debian Stretch.
>
> the fact that it's impossible for you, doesn't mean it's impossible for everyone.
>
> sorry, but this had to be said, you are repeating this nonsense. if you need
> help changing this, try debian-u...@lists.debian.org or get paid support.
>
> this list is for the development of debian, thanks.



When the average user cannot change the umask, it becomes a higher 
priority that the default umask reflect everyday usage (which is what 
this thread is about--the development of debian and discussing why 
debian still uses a default whose rationale has arguably long passed). The 
statement you disparage has bearing on the discussion of the default as 
the discussion is now of more concern considering things like this crop 
up.


Since you brought the issue up: other debian lists provided no help in 
finding a workaround. I don't see you volunteering any info on how to 
workaround the problem. So how do I know it's not impossible? I've 
spoken with another developer elsewhere and he didn't know a fix. But 
the statement you disparage was not asking for a workaround but was a 
comment on the larger user base not having a mechanism for effecting 
this change.


I don't feel your comments were warranted or helpful. The statement you 
disparage is not "nonsense" for the average debian user. I imagine you 
are much more skilled with computers than the average user. I don't want 
my statements to upset or misrepresent and did not intend this. But 
having input from someone who is not a developer per se can be helpful 
and informative to discussions like this.


It strikes me that the community does not care about this issue, that 
the "old" way of doing it is the preferred way even though its original 
rationale has long since passed and is no longer relevant. And 
apparently at least some view me as not knowledgeable enough to be 
discussing this topic with you in this forum considering I do not know 
how to work around the problem myself (but even if I did that would 
still not address the larger subject of this thread).


So signing off. I'll leave my previous emails for the record in the hope 
that they are given consideration by the community. I do appreciate 
having the opportunity to be heard and the feedback received.







Re: UMASK 002 or 022?

2017-06-30 Thread Holger Levsen
On Fri, Jun 30, 2017 at 11:56:37AM -0400, gwmf...@openmailbox.org wrote:
> Ultimately, it wouldn't be as big a deal if it was possible to change the
> default umask for the gnome-session in Debian Stretch.

the fact that it's impossible for you, doesn't mean it's impossible for everyone.

sorry, but this had to be said, you are repeating this nonsense. if you need
help changing this, try debian-u...@lists.debian.org or get paid support.

this list is for the development of debian, thanks.


-- 
cheers,
Holger




Re: UMASK 002 or 022?

2017-06-30 Thread gwmfms6

On 2017-06-30 09:17, Russell Stuart wrote:

> gwmf...@openmailbox.org is right in saying today's computer users don't
> have the "sharing is what makes us bigger than the sum of the parts"
> philosophy.  Where he goes wrong is in assuming they share their
> computers.  While there was a time many people shared a single CPU,
> today many CPU's share a person.  Or less obliquely, everyone has their
> own phone / tablet / laptop, which they don't share with anyone except
> US border agents.  In this environment umask is a quaint hallmark of a
> bygone time.


Very often I see families sharing a computer in my neighborhood. They 
each have an account on the computer in the living room (for example). 
The parents set it up. And I doubt the parent knows that the kids can 
read everything they have in their account. (i.e., the kids are more 
computer savvy).


I can see that there is resistance to changing this policy despite the 
fact that no one has told me a convincing reason for keeping it.


Ultimately, it wouldn't be as big a deal if it was possible to change 
the default umask for the gnome-session in Debian Stretch.




Re: UMASK 002 or 022?

2017-06-30 Thread gwmfms6

On 2017-06-30 00:18, darkestkhan wrote:

> Are you saying that default permissions for home dirs in Debian is 755?

It was when I installed Jessie and most recently Stretch.


sc...@sl.id.au wrote:

> Can you point to a real, specific security problem that this has
> caused?

I already did, in my email. Maybe not a "security problem" that is going 
to get a CVE, but I don't think people realize users of other accounts 
can read their files. I doubt this is understood when a separate account 
is created.


> If windows is different, it looks to be the outlier because macOS
> behaves the same way as Debian[0]:


I was only referencing Windows and Mac in case there was an assumption 
that Linux users are knowledgeable enough to change umask/permissions 
(and to even know about them). I was not (and do not know) what Windows 
and/or Mac umask/permissions are (or if they have them at all).




Re: UMASK 002 or 022?

2017-06-30 Thread Russell Stuart
On Fri, 2017-06-30 at 21:22 +1000, Scott Leggett wrote:
> If windows is different, it looks to be the outlier because macOS
> behaves the same way as Debian[0]:
> 
>   > For example, the default umask of 022 results in permissions of 644
>   > on new files and 755 on new folders. Groups and other users can read
>   > the files and traverse the folders, but only the owner can make
>   > changes.
> 
> [0] https://support.apple.com/en-us/HT201684

Windows being an outlier is a recent thing.  Earlier versions behaved
like the rest of us.  Such behaviour originated in a time when computer
users were once Uni students themselves.  They knew what file
permissions were and how to change them, and were smart enough to not
be scared of sharing as the default philosophy.  Unfortunately for
gwmfm...@openmailbox.org most Debian developers come from that cohort.

gwmf...@openmailbox.org is right in saying today's computer users don't
have the "sharing is what makes us bigger than the sum of the parts"
philosophy.  Where he goes wrong is in assuming they share their
computers.  While there was a time many people shared a single CPU,
today many CPU's share a person.  Or less obliquely, everyone has their
own phone / tablet / laptop, which they don't share with anyone except
US border agents.  In this environment umask is a quaint hallmark of a
bygone time.

The one example he gave of students sharing a University computer is a
furphy.  It's true such sharing still happens.  But the person
in charge of the machine isn't some naive first year pleb.  It's a
battle hardened university sysadmin who, god bless his black heart, has
faced down 1000's of aspiring university students training in the art he
long ago mastered. He knows how to wield a umask with power and
precision.  He doesn't whinge about pam_umask not being the default, he
fixes it and while he's at it alters the shell scripts in
/etc/X11/Xsession.d/ gets exactly the umask they deserve.

TL;DR - this complaint is 20 years too late.



Re: UMASK 002 or 022?

2017-06-30 Thread Scott Leggett
On 2017-06-29.15:43, gwmf...@openmailbox.org wrote:
> The wider community doesn't seem that concerned with the fact that all
> Debian and Ubuntu users are now (with the most recent stable releases)
> completely unable to change their default umask (and further have a default
> setting that gives the world read access to all their documents). I think
> this needs to be viewed as a security issue.

Can you point to a real, specific security problem that this has caused?

> Even with the premise that the average Linux user is more computer competent
> than the average Windows or Mac user, I still don't think it's a fair
> assumption that all linux users know all about umask and permissions. Due to
> this, many users may unwittingly create "guest" accounts or friend accounts
> on their computers unknowingly giving read access to all documents they've
> created.

If windows is different, it looks to be the outlier because macOS
behaves the same way as Debian[0]:

  > For example, the default umask of 022 results in permissions of 644
  > on new files and 755 on new folders. Groups and other users can read
  > the files and traverse the folders, but only the owner can make
  > changes.

[0] https://support.apple.com/en-us/HT201684

-- 
Regards,
Scott.




Re: UMASK 002 or 022?

2017-06-29 Thread darkestkhan
On Thu, Jun 29, 2017 at 7:43 PM,   wrote:
> The wider community doesn't seem that concerned with the fact that all
> Debian and Ubuntu users are now (with the most recent stable releases)
> completely unable to change their default umask (and further have a default
> setting that gives the world read access to all their documents). I think
> this needs to be viewed as a security issue.
>
> Even with the premise that the average Linux user is more computer competent
> than the average Windows or Mac user, I still don't think it's a fair
> assumption that all linux users know all about umask and permissions. Due to
> this, many users may unwittingly create "guest" accounts or friend accounts
> on their computers unknowingly giving read access to all documents they've
> created. This is not an uncommon practice in university contexts especially.
> Same goes if there's any sort of remote access going on through SSH etc.
>
> This issue strikes me as something that should be of higher concern to the
> community.
>
> Someone mentioned changing the permissions on one's home folder. That just
> adds insult to injury that by default everyone's home folder lets the world
> have read access along with all files being created with read access. It's
> poor privacy and security policy. The average computer-user assumes that
> other account holders can't read their "stuff" unless they do something to
> allow that person to read their stuff. But this is completely untrue on
> Debian Stretch and Ubuntu 17.04.
>

Are you saying that default permissions for home dirs in Debian is 755?

-- 

darkestkhan
--
Feel free to CC me.
jid: darkestk...@gmail.com
May The Source be with You.



Re: UMASK 002 or 022?

2017-06-29 Thread gwmfms6
The wider community doesn't seem that concerned with the fact that all 
Debian and Ubuntu users are now (with the most recent stable releases) 
completely unable to change their default umask (and further have a 
default setting that gives the world read access to all their 
documents). I think this needs to be viewed as a security issue.


Even with the premise that the average Linux user is more computer 
competent than the average Windows or Mac user, I still don't think it's 
a fair assumption that all linux users know all about umask and 
permissions. Due to this, many users may unwittingly create "guest" 
accounts or friend accounts on their computers unknowingly giving read 
access to all documents they've created. This is not an uncommon 
practice in university contexts especially. Same goes if there's any 
sort of remote access going on through SSH etc.


This issue strikes me as something that should be of higher concern to 
the community.


Someone mentioned changing the permissions on one's home folder. That 
just adds insult to injury that by default everyone's home folder lets 
the world have read access along with all files being created with read 
access. It's poor privacy and security policy. The average computer-user 
assumes that other account holders can't read their "stuff" unless they 
do something to allow that person to read their stuff. But this is 
completely untrue on Debian Stretch and Ubuntu 17.04.