Re: setting umask globally
On Fri, 2005-06-17 at 00:33 +0200, Santiago Vila wrote: On Fri, 17 Jun 2005, martin f krafft wrote: If one is faced with the task to set the umask globally for all users and shells, this turns out to be a job of redundancy: every shell uses its own file in /etc, and you end up making changes to 5 files or more (depending on the number of installed shells). What's worse: change the umask and you'll possibly forget one shell or the other, which may cause delays in your user's work, or even break things (yeah, you should not rely on umask; yeah, don't tell me...) [ snipped gigantic hack ] So the plan is: 1. gather comments. 2. file a bug against base-files to have the files included. 3. once base-files hits unstable, mass-file bugs against all compatible shells and ask them to use it. 4. rejoice. So, let's start at (1)... This is Unix, and we are system integrators. Our job is to make things simpler, not more complex. I wonder why people always consider base-files as the package of choice to implement all sorts of ugly global hacks. There is already an umask setting in /etc/login.defs. If it makes people happy, I will happily drop the umask setting from /etc/profile, so that people do not have to decide between login.defs and profile when trying to set an umask globally. Then we could make policy (or just convince the shell maintainers) that shells should not set umask in their default global initialization scripts, so that they do not override the one in /etc/login.defs. pam umask should be used ... though this was adde to debian without much integration. The setting in /etc/login.defs should be move to the end of this file (settings obsolete by pam) and all /etc/pam.d files upgraded. Do libpam-umask ought to be base ? And the setting removed from all shell/cron/X who knows specific configuration file. Thanks again Tollef for the great libpam-umask . I cannot wait for when some fellow manages to make a libpam-path (which deal with a separate path for root and users, maybe for su, ssh , cron too) ... it is time to get rid of /etc/login.defs and hacks to work around it (especially su, ssh and X login managers ). Tese kind of small extensions does more for us administrators to get a get a real life, children , etc than big g4c, yast ... :) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: setting umask globally
also sprach Alban Browaeys [EMAIL PROTECTED] [2005.06.20.1911 +0200]: pam umask should be used ... though this was adde to debian without much integration. The setting in /etc/login.defs should be move to the end of this file (settings obsolete by pam) and all /etc/pam.d files upgraded. Do libpam-umask ought to be base ? The discussion is here: http://bugs.debian.org/314539 -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft [EMAIL PROTECTED] : :' :proud Debian developer, admin, user, and author `. `'` `- Debian - when you have better things to do than fixing a system Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver! consciousness: that annoying time between naps. signature.asc Description: Digital signature
Re: setting umask globally
Quoting martin f krafft ([EMAIL PROTECTED]): Do libpam-umask ought to be base ? The discussion is here: http://bugs.debian.org/314539 And enforcing the use of libpam-umask is actually the direction we're taking.. First step probably : comment UMASK in login.defs in answer to #314539. Then probably discuss with the PAM maintainers and try having libpam-umask used by default (with sane defaults of course). Tollef is OK to improve it in areas it needs to be improved (user-level configuration and so on...).) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: setting umask globally
also sprach Steve Greenland [EMAIL PROTECTED] [2005.06.17.0208 +0200]: And unless they know about the completely non-standard /etc/umask.conf, they'll still edit multiple files. True enough... unless files like /etc/profile include some magic code for umask (rather than the umask call itself), and a one-line comment telling people to go to /etc/umask.conf. I think the PAM way is the better way. An alternative would be to refer to libpam-umask from such a comment. -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft [EMAIL PROTECTED] : :' :proud Debian developer, admin, user, and author `. `'` `- Debian - when you have better things to do than fixing a system Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver! 'the answer to the great question...' 'of life, the universe and everything...' said deep thought. 'is...' said deep thought, and paused. 'is...' 'forty-two,' said deep thought, with infinite majesty and calm. -- hitchhiker's guide to the galaxy signature.asc Description: Digital signature
Re: setting umask globally
Filing a bug against login... (shadow maintainer hat on) bugger...:-) I was reading this thread and just told to self: dude, this will end up in a BR against shadow/login:-) So, to summarize, the rationale here is: don't set umask in the default login.defs and leave this to shells and/or pam_umask. Right? I have to keep some kind of explanation for the default login.defs file, this is why I prefer asking immediately...:-) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: setting umask globally
also sprach Christian Perrier [EMAIL PROTECTED] [2005.06.17.0658 +0200]: So, to summarize, the rationale here is: don't set umask in the default login.defs and leave this to shells and/or pam_umask. Right? Yes. I have to keep some kind of explanation for the default login.defs file, this is why I prefer asking immediately...:-) See the bug report... -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft [EMAIL PROTECTED] : :' :proud Debian developer, admin, user, and author `. `'` `- Debian - when you have better things to do than fixing a system Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver! why didn't noah swat those two mosquitoes? signature.asc Description: Digital signature
setting umask globally
If one is faced with the task to set the umask globally for all users and shells, this turns out to be a job of redundancy: every shell uses its own file in /etc, and you end up making changes to 5 files or more (depending on the number of installed shells). What's worse: change the umask and you'll possibly forget one shell or the other, which may cause delays in your user's work, or even break things (yeah, you should not rely on umask; yeah, don't tell me...) I thus propose to solve this dilemma across all shells in Debian with /etc/umask.conf (or /etc/default/umask), which can be the most simple of simple configuration files, should probably ship in base-files, and look like this: UMASK_ROOT=0077 UMASK_USER=0022 In addition, there is /usr/share/base-files/umask.sh: UMASK_ROOT=0077 UMASK_USER=0022 test -r /etc/umask.conf . /etc/umask.conf if [ $(id -u) -eq 0 ]; then umask $UMASK_ROOT else umask $UMASK_USER fi The /etc/profile-equivalent of every shell Debian ships then sources /usr/share/base-files/umask.sh and the user can change the umask in one single location. So the plan is: 1. gather comments. 2. file a bug against base-files to have the files included. 3. once base-files hits unstable, mass-file bugs against all compatible shells and ask them to use it. 4. rejoice. So, let's start at (1)... -- .''`. martin f. krafft [EMAIL PROTECTED] : :' :proud Debian developer, admin, user, and author `. `'` `- Debian - when you have better things to do than fixing a system Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver! with sufficient thrust, pigs fly just fine. however, this is not necessarily a good idea. it is hard to be sure where they are going to land, and it could be dangerous sitting under them as they fly overhead. -- rfc 1925 signature.asc Description: Digital signature
Re: setting umask globally
* martin f krafft [Fri, 17 Jun 2005 00:05:08 +0200]: 1. gather comments. apt-cache show libpam-umask -- Adeodato Sim EM: asp16 [ykwim] alu.ua.es | PK: DA6AE621 The pure and simple truth is rarely pure and never simple. -- Oscar Wilde -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: setting umask globally
also sprach Adeodato Sim [EMAIL PROTECTED] [2005.06.17.0011 +0200]: 1. gather comments. apt-cache show libpam-umask Very nice. I almost feel silly now. Is there any point in following through with the /etc/umask.conf proposal? libpam-umask is optional after all, and unless people know about it, they'll edit multiple files wrt umask, and we *could* unify this with relative ease. -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft [EMAIL PROTECTED] : :' :proud Debian developer, admin, user, and author `. `'` `- Debian - when you have better things to do than fixing a system Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver! /.ing an issue is like asking an infinite number of monkeys for advice -- in #debian-devel signature.asc Description: Digital signature
Re: setting umask globally
On Fri, 17 Jun 2005, martin f krafft wrote: If one is faced with the task to set the umask globally for all users and shells, this turns out to be a job of redundancy: every shell uses its own file in /etc, and you end up making changes to 5 files or more (depending on the number of installed shells). What's worse: change the umask and you'll possibly forget one shell or the other, which may cause delays in your user's work, or even break things (yeah, you should not rely on umask; yeah, don't tell me...) [ snipped gigantic hack ] So the plan is: 1. gather comments. 2. file a bug against base-files to have the files included. 3. once base-files hits unstable, mass-file bugs against all compatible shells and ask them to use it. 4. rejoice. So, let's start at (1)... This is Unix, and we are system integrators. Our job is to make things simpler, not more complex. I wonder why people always consider base-files as the package of choice to implement all sorts of ugly global hacks. There is already an umask setting in /etc/login.defs. If it makes people happy, I will happily drop the umask setting from /etc/profile, so that people do not have to decide between login.defs and profile when trying to set an umask globally. Then we could make policy (or just convince the shell maintainers) that shells should not set umask in their default global initialization scripts, so that they do not override the one in /etc/login.defs. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: setting umask globally
also sprach Santiago Vila [EMAIL PROTECTED] [2005.06.17.0033 +0200]: There is already an umask setting in /etc/login.defs. If it makes people happy, I will happily drop the umask setting from /etc/profile, so that people do not have to decide between login.defs and profile when trying to set an umask globally. /etc/login.defs is only read for console logins, not for e.g. SSH logins. -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft [EMAIL PROTECTED] : :' :proud Debian developer, admin, user, and author `. `'` `- Debian - when you have better things to do than fixing a system Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver! micro$oft windoze: proof that p. t. barnum was correct. signature.asc Description: Digital signature
Re: setting umask globally
On Jun 17, Santiago Vila [EMAIL PROTECTED] wrote: There is already an umask setting in /etc/login.defs. If it makes people happy, I will happily drop the umask setting from /etc/profile, so that people do not have to decide between login.defs and profile when trying to set an umask globally. This looks like a good idea. -- ciao, Marco signature.asc Description: Digital signature
Re: setting umask globally
On Jun 17, martin f krafft [EMAIL PROTECTED] wrote: also sprach Santiago Vila [EMAIL PROTECTED] [2005.06.17.0033 +0200]: There is already an umask setting in /etc/login.defs. If it makes people happy, I will happily drop the umask setting from /etc/profile, so that people do not have to decide between login.defs and profile when trying to set an umask globally. /etc/login.defs is only read for console logins, not for e.g. SSH logins. Then maybe the umask setting should be removed from there? -- ciao, Marco signature.asc Description: Digital signature
Re: setting umask globally
also sprach Marco d'Itri [EMAIL PROTECTED] [2005.06.17.0103 +0200]: /etc/login.defs is only read for console logins, not for e.g. SSH logins. Then maybe the umask setting should be removed from there? r agree. Since any login session these days will invoke a shell, there is no point in having login.defs set the umask -- the shell will override it anyway. Filing a bug against login... -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft [EMAIL PROTECTED] : :' :proud Debian developer, admin, user, and author `. `'` `- Debian - when you have better things to do than fixing a system Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver! mumlutlitithtrhreeaadededd s siigngnatatuurere signature.asc Description: Digital signature
Re: setting umask globally
On 16-Jun-05, 17:23 (CDT), martin f krafft [EMAIL PROTECTED] wrote: Is there any point in following through with the /etc/umask.conf proposal? libpam-umask is optional after all, and unless people know about it, they'll edit multiple files wrt umask, and we *could* unify this with relative ease. And unless they know about the completely non-standard /etc/umask.conf, they'll still edit multiple files. These days, any sort of I want the same setting of 'x' for all the different ways people can login should instantly make you think I wonder if there's a PAM module that sets 'x'?. And usually there is. Except for environment variables[1]. Steve [1] Yeah, I know about pam_env, but it I've never been able to get it do what I want (add $HOME/bin to PATH.) Probably lack of clue on my part. -- Steve Greenland The irony is that Bill Gates claims to be making a stable operating system and Linus Torvalds claims to be trying to take over the world. -- seen on the net -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
