Hi Steve, Thanks for taking care!
First of all, this was never a "real" bug-report... more an investigation and understanding how pam_umask is working and how someone can influence the default UMASK settings. Can you tell me to which of Ubuntu's MLs I should start such a discussion next time (opening a BR was IMHO not the very best idea :-))? > I don't see anything here that's a bug in the pam package. Of course, there is... not on 1st view. After digging more and more into the matters, it has shown the man-page is not very clear. See also comment #20 and the attached diff when rebuilding latest available pam package on precise. Dunno, if I should open a new bug on this? >> I am not sure where exactly to change the umask for shell logins >> GLOBALLY and/or USER-DEFINED. > In the /etc/pam.d/common-session* include files, where the existing references to pam_umask are found. Again, the man-page(s) is not clear enough here, especially man pam_umask has a section where an order/ranking is listed. IMHO this needs to be revised! There are no references to "/etc/pam.d/common-session*"! >> when I am working with the Freetz build-system I have this >> umask/shell problem described in [1]. > It is a bug for any build system to make assumptions about the umask. If particular permissions are required, it should set them > explicitly - or set its own umask as part of the build system. Yeah, the easiest way of "fixing" this is to run 'umask=$UMASK make ...' in Freetz. I discussed with the lead developer to change the file permissions before packing/modifying the rootfs for the firmware. Unfortunately, the user gets an abort and the help printed on the shell is not helpful. I agree with you this is a problem in the Freetz build-system and should be fixed there. >> The umask is "002" when xterm is started. > That is the current default, yes. Where has someone a hint to this GLOBAL change? The pam package was bumped and the new change done. AFAICS this 'umask=002' change was not introduced with (means after) precise release (correct me if I am wrong)! >> $ man pam_umask >> ...recommends: >> EXAMPLES >> Add the following line to /etc/pam.d/login to set the user >> specific umask at login: > This is an example, not a recommendation. Modifying the /etc/pam.d/login file > only affects the login service. As you are not > using a console login, this does not apply. Maybe, I misunderstand "console login"... you mean VT-1...VT-7 where VT-7 is normally X(org)? >> NOTE-1: common-session is a INCLUDED file, but a >> dpkg -S /path/to/common-session does NOT refer to any Ubuntu package. > This is normal for config files modified by the system at runtime, and is not > a bug in pam. It is arguably a bug in dpkg, but not > one that will be fixed any time in the near future. Yupp, I have seen this afterwards, that the files were generated. Seeing from a analyst POV it was strange to me that dpkg did not print a status "known" or "belongs to pkg X". >> NOTE-2: session items in common-session file are malformed (tabs)! > There's nothing malformed about using tabs here. >From a comestical POV it is... here in Ubuntu/precise's vi with standard tabs >settings. I noticed this when doing a diff after new identation. >> I am not sure where exactly to change the umask for shell logins >> GLOBALLY and/or USER-DEFINED. > In the /etc/pam.d/common-session* include files, where the existing references to pam_umask are found. Again, no refs in the man-page(s) and IMHO no correct (new) list of ranking in 'man pam_umask'. Last question: The not up2date pam_umask man-page says: -UMASK entry from /etc/login\&.defs +UMASK entry from /etc/login\&.defs (influenced by USERGROUPS_ENAB in /etc/login\&.defs) So, a user should NOT play with USERGROUPS_ENAB settings in /etc/login.defs? And if YES, what are the consequences for his/her Ubuntu Linux system? Thanks in advance! - Sedat - -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1097262 Title: [pam][pam_umask]: Explicitly set the user specific umask at (shell) login to "0022" value To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1097262/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs