[Bug 606249] New: changing default umask for new users homedir sets the current umask for ALL users including root
http://bugzilla.novell.com/show_bug.cgi?id=606249
http://bugzilla.novell.com/show_bug.cgi?id=606249#c0

           Summary: changing default umask for new users homedir sets the current umask for ALL users including root
    Classification: openSUSE
           Product: openSUSE 11.2
           Version: Final
          Platform: x86-64
        OS/Version: openSUSE 11.2
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: Security
        AssignedTo: security-team@suse.de
        ReportedBy: s2@forceway.com
         QAContact: qa@suse.de
          Found By: ---
           Blocker: ---

User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.9) Gecko/20100317 SUSE/3.5.9-0.1.1 BetterPrivacy-1.47 Firefox/3.5.9

Yast->User and group management->Defaults for new users: Change umask for home directory. Logout. Now all users & root have this as active umask value.

This caused me great confusion trying to 'sudo make install' codeblocks, as I always set my homedir umask for new users to 077. The install process used this and so all dirs were created as drwx------. So the program was unusable. Only root could run it.

I think it is bizarre behavior. The workaround I guess is to define the umask you want the user to have in some startup script or profile. Where should it go?

Reproducible: Always

Steps to Reproduce:
Yast->User and group management->Defaults for new users: Change umask for home directory. Logout.

Actual Results:
user and root now use this as their umask

Expected Results:
this umask should only affect creation of new homedirs for new users!!

-- 
Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

http://bugzilla.novell.com/show_bug.cgi?id=606249
http://bugzilla.novell.com/show_bug.cgi?id=606249#c1

Thomas Biege <thomas@novell.com> changed:

           What    |Removed                |Added
----------------------------------------------------------------------------
                 CC|                       |security-team@suse.de
           Platform|x86-64                 |All
         AssignedTo|security-team@suse.de  |yast2-maintainers@suse.de

--- Comment #1 from Thomas Biege <thomas@novell.com> 2010-05-17 11:48:28 UTC ---
Yes, it is confusing because it will not be the umask for NEW users but for ALL users, because the change was done in /etc/login.defs.

Reassigning to yast2 maintainers.

http://bugzilla.novell.com/show_bug.cgi?id=606249
http://bugzilla.novell.com/show_bug.cgi?id=606249#c2

Vladislav Gorobets <vgorobets@novell.com> changed:

           What    |Removed                    |Added
----------------------------------------------------------------------------
             Status|NEW                        |NEEDINFO
       InfoProvider|                           |s2@forceway.com
         AssignedTo|yast2-maintainers@suse.de  |jsuchome@novell.com

--- Comment #2 from Vladislav Gorobets <vgorobets@novell.com> 2010-05-18 08:27:27 UTC ---
Please attach YaST logs. It's actually helpful to attach them to (almost) every bug report for YaST. See http://en.opensuse.org/Bugs/YaST

http://bugzilla.novell.com/show_bug.cgi?id=606249
http://bugzilla.novell.com/show_bug.cgi?id=606249#c3

Jiří Suchomel <jsuchome@novell.com> changed:

           What    |Removed          |Added
----------------------------------------------------------------------------
       InfoProvider|s2@forceway.com  |kukuk@novell.com

--- Comment #3 from Jiří Suchomel <jsuchome@novell.com> 2010-05-18 11:36:05 UTC ---
The UMASK value set in YaST is saved to /etc/login.defs. I assume the described behavior is correct, based on the value present in this file.

http://bugzilla.novell.com/show_bug.cgi?id=606249
http://bugzilla.novell.com/show_bug.cgi?id=606249#c4

Thorsten Kukuk <kukuk@novell.com> changed:

           What    |Removed           |Added
----------------------------------------------------------------------------
                 CC|                  |kukuk@novell.com
       InfoProvider|kukuk@novell.com  |s2@forceway.com

--- Comment #4 from Thorsten Kukuk <kukuk@novell.com> 2010-05-18 12:14:40 UTC ---
/etc/login.defs is, to my knowledge, only read by useradd and pam_umask. pam_umask is not configured by default. So YaST2 is doing everything correctly.

Maybe pam_umask was enabled on that system? Else somebody else is reading that config file, who shouldn't do that.

http://bugzilla.novell.com/show_bug.cgi?id=606249
http://bugzilla.novell.com/show_bug.cgi?id=606249#c5

John McInnes <s2@forceway.com> changed:

           What    |Removed          |Added
----------------------------------------------------------------------------
             Status|NEEDINFO         |NEW
                 CC|                 |s2@forceway.com
       InfoProvider|s2@forceway.com  |

--- Comment #5 from John McInnes <s2@forceway.com> 2010-05-19 01:32:03 UTC ---
Are you guys not able to reproduce this? I just reproduced it on a different 11.2 x86_64 machine. The machine has all updates as of last week installed.

Enter yast->users->defaults for new user. Set umask. Log out, all the way, or reboot. Log in. User has this umask. su - root has this umask.

http://bugzilla.novell.com/show_bug.cgi?id=606249
http://bugzilla.novell.com/show_bug.cgi?id=606249#c6

Jiří Suchomel <jsuchome@novell.com> changed:

           What    |Removed  |Added
----------------------------------------------------------------------------
             Status|NEW      |NEEDINFO
                 CC|         |mc@novell.com
       InfoProvider|         |kukuk@novell.com

--- Comment #6 from Jiří Suchomel <jsuchome@novell.com> 2010-05-19 07:58:24 UTC ---
pam-config -q --umask session:
This is probably the default for 11.3: I did not change anything and can reproduce the behavior. Does this mean that the behavior is correct?

http://bugzilla.novell.com/show_bug.cgi?id=606249
http://bugzilla.novell.com/show_bug.cgi?id=606249#c7

Thorsten Kukuk <kukuk@novell.com> changed:

           What    |Removed           |Added
----------------------------------------------------------------------------
             Status|NEEDINFO          |NEW
       InfoProvider|kukuk@novell.com  |

--- Comment #7 from Thorsten Kukuk <kukuk@novell.com> 2010-05-19 08:02:30 UTC ---
/etc/login.defs is the very, very last fallback for pam_umask. So if you don't configure it anywhere else, yes, the behavior is correct.

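
The condition described in comments #4 and #7, as an added audit sketch that is not part of the original thread or of YaST/pam code: it reports whether pam_umask is active in a PAM session stack and whether the UMASK in /etc/login.defs would then serve as its fallback. The function names, the output format and the sample tree are assumptions made for this example; per-user overrides are not checked.

```shell
#!/bin/sh
# Added example: does UMASK in login.defs become the login umask on this system?
# ROOT is a path prefix, so a mounted image or a test tree can be audited.

# Print the active UMASK value from ROOT/etc/login.defs (nothing if unset).
login_defs_umask() {
    [ -r "$1/etc/login.defs" ] || return 0
    awk '$1 == "UMASK" { v = $2 } END { if (v != "") print v }' "$1/etc/login.defs"
}

# Print every uncommented PAM session line that loads pam_umask.
pam_umask_lines() {
    [ -d "$1/etc/pam.d" ] || return 0
    grep -hE '^[[:space:]]*-?session[[:space:]].*pam_umask\.so' \
        "$1/etc/pam.d"/* 2>/dev/null || true
}

# One-line verdict. Assumption: per-user overrides (e.g. GECOS) are not checked.
audit_umask() {
    root="${1%/}"
    mask=$(login_defs_umask "$root")
    lines=$(pam_umask_lines "$root")
    if [ -z "$lines" ]; then
        echo "pam_umask=off UMASK=${mask:-unset} effect=not-applied-by-pam_umask"
    elif printf '%s\n' "$lines" | grep -q 'umask='; then
        echo "pam_umask=on UMASK=${mask:-unset} effect=module-argument-wins"
    elif [ -n "$mask" ]; then
        echo "pam_umask=on UMASK=$mask effect=fallback-for-pam-sessions"
    else
        echo "pam_umask=on UMASK=unset effect=no-fallback-value"
    fi
}

# Constructed sample tree reproducing the report: UMASK 077 in login.defs and
# pam_umask enabled in the session stack without a umask= argument.
demo() {
    t=$(mktemp -d) && mkdir -p "$t/etc/pam.d"
    printf '# constructed sample\nUMASK 077\n' > "$t/etc/login.defs"
    printf 'session optional pam_umask.so\n' > "$t/etc/pam.d/common-session"
    audit_umask "$t"
    rm -rf "$t"
}
demo
```

Run `audit_umask /` on a live system; a result of `effect=fallback-for-pam-sessions` with a restrictive UMASK matches the behavior the reporter saw for both users and root.
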
http://bugzilla.novell.com/show_bug.cgi?id=606249
http://bugzilla.novell.com/show_bug.cgi?id=606249#c8

Jiří Suchomel <jsuchome@novell.com> changed:

           What    |Removed  |Added
----------------------------------------------------------------------------
             Status|NEW      |RESOLVED
         Resolution|         |INVALID

--- Comment #8 from Jiří Suchomel <jsuchome@novell.com> 2010-05-19 08:06:20 UTC ---
YaST really only writes /etc/login.defs. So when current setting for pam_umask is correct, the bug is invalid.

http://bugzilla.novell.com/show_bug.cgi?id=606249
http://bugzilla.novell.com/show_bug.cgi?id=606249#c9

Thorsten Kukuk <kukuk@novell.com> changed:

           What    |Removed   |Added
----------------------------------------------------------------------------
             Status|RESOLVED  |REOPENED
         Resolution|INVALID   |

--- Comment #9 from Thorsten Kukuk <kukuk@novell.com> 2010-05-19 09:05:46 UTC ---
To avoid further confusion, we will move UMASK from /etc/login.defs to /etc/default/useradd, so that it is clear that only useradd is and can use this value.

http://bugzilla.novell.com/show_bug.cgi?id=606249
http://bugzilla.novell.com/show_bug.cgi?id=606249#c

Jiří Suchomel <jsuchome@novell.com> changed:

           What    |Removed   |Added
----------------------------------------------------------------------------
             Status|REOPENED  |ASSIGNED

http://bugzilla.novell.com/show_bug.cgi?id=606249
http://bugzilla.novell.com/show_bug.cgi?id=606249#c

Jiří Suchomel <jsuchome@novell.com> changed:

           What    |Removed              |Added
----------------------------------------------------------------------------
           Priority|P5 - None            |P3 - Medium
          Component|Security             |YaST2
            Version|Final                |Milestone 6
         AssignedTo|jsuchome@novell.com  |bnc-team-screening@forge.provo.novell.com
            Product|openSUSE 11.2        |openSUSE 11.3
   Target Milestone|---                  |Milestone 7
          QAContact|qa@suse.de           |jsrain@novell.com

http://bugzilla.novell.com/show_bug.cgi?id=606249
http://bugzilla.novell.com/show_bug.cgi?id=606249#c

Jiří Suchomel <jsuchome@novell.com> changed:

           What    |Removed                                    |Added
----------------------------------------------------------------------------
                 CC|                                           |jsuchome@novell.com
         AssignedTo|bnc-team-screening@forge.provo.novell.com  |jsuchome@novell.com

http://bugzilla.novell.com/show_bug.cgi?id=606249
http://bugzilla.novell.com/show_bug.cgi?id=606249#c10

Jiří Suchomel <jsuchome@novell.com> changed:

           What    |Removed   |Added
----------------------------------------------------------------------------
             Status|ASSIGNED  |RESOLVED
         Resolution|          |FIXED

--- Comment #10 from Jiří Suchomel <jsuchome@novell.com> 2010-05-24 12:20:15 UTC ---
Done in yast2-users-2.19.14

http://bugzilla.novell.com/show_bug.cgi?id=606249
http://bugzilla.novell.com/show_bug.cgi?id=606249#c11

--- Comment #11 from Bernhard Wiedemann <bwiedemann@suse.com> ---
This is an autogenerated message for OBS integration:
This bug (606249) was mentioned in
https://build.opensuse.org/request/show/40422 Factory / pwdutils
https://build.opensuse.org/request/show/40571 Factory / yast2-users