[Pkg-shadow-commits] r267 - trunk/debian

Christian Perrier pkg-shadow-devel@lists.alioth.debian.org
Fri, 17 Jun 2005 21:31:19 +0000 

Author: bubulle
Date: 2005-06-17 21:31:18 +0000 (Fri, 17 Jun 2005)
New Revision: 267

Modified:
   trunk/debian/changelog
   trunk/debian/login.defs
Log:
Comment out the confusing umask setting which only affects console logins.
Document the encouraged use of pam_umask instead
See #314539 and a recent thread in -devel


Modified: trunk/debian/changelog
===================================================================
--- trunk/debian/changelog	2005-06-17 21:17:36 UTC (rev 266)
+++ trunk/debian/changelog	2005-06-17 21:31:18 UTC (rev 267)
@@ -12,6 +12,9 @@
     - debian/login.defs:
       Make SU_PATH and PATH consistent with the values used in /etc/profile
       Closes: #286616
+      Comment the UMASK setting which is mor econfusing than useful
+      as it only affects console logins. Better use pam_umask instead
+      Closes: #314539, #248150
     - debian/passwd.config:
       Re-enable the password confirmation question at critical priority
       Closes: #304350

Modified: trunk/debian/login.defs
===================================================================
--- trunk/debian/login.defs	2005-06-17 21:17:36 UTC (rev 266)
+++ trunk/debian/login.defs	2005-06-17 21:31:18 UTC (rev 267)
@@ -167,12 +167,25 @@
 # The ERASECHAR and KILLCHAR are used only on System V machines.
 # The ULIMIT is used only if the system supports it.
 # (now it works with setrlimit too; ulimit is in 512-byte units)
+# 
+# UMASK setting here is discouraged with the following rationale:
+# Since any login session these days will invoke a shell, there is no
+# point in having login.defs set the umask -- the shell will override
+# it anyway.
+# Moreover, login.defs is only used for console logins, not, for 
+# nstance for SSH logins, so settign the umask here only
+# could end up in an inconsistent behaviour
+# See #314539 and #248150
+# as well as the thread starting at 
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
 #
+# Actually, the use of pam_umask is encouraged (Debian package libpam-umask).
+#
 # Prefix these values with "0" to get octal, "0x" to get hexadecimal.
 #
 ERASECHAR	0177
 KILLCHAR	025
-UMASK		022
+#UMASK		022
 #ULIMIT		2097152
 
 #