[Gllug] File permissions and umask on Ubuntu (and I think probably, Debian)

Philip Hands phil at hands.com
Mon Jan 8 12:16:09 UTC 2007


John Winters wrote:
> The rationale runs the other way around:
> 
> a) We want users to be able to work on shared material in a shared
> directory - e.g. a development project.
> b) So we set up a group for the project, make all relevant users members
> of the group, set the group sticky bit on the directory and set users'
> umasks to 0002.
> c) Ah, but that means compromising users' own private files, unless
> they're each given their own group.
> 
> The method is well known and well documented.  Unfortunately it seems to
> have been just half implemented (the latter half) in Debian.  Going
> through the change logs it appears that it used to be fully implemented,
> but some of the functionality was lost with the migration to using PAM.

As I remember it, this was a completely intentional decision, to avoid the
possibility of people setting up systems that were less secure than they
thought they were -- since many people coming to Linux from Unix will
assume a system-wide umask of 022.

The theory is that anyone that understands the
each-user-has-their-own-group setup (and how to set up directories belonging
to a shared group with a group s-bit etc.) will also be capable of editing
their /etc/profile to read "umask 002" rather than "umask 022", and anyone
else should be happy and safe with a umask of 022.

So it's just a symptom of Debian following the rule of least surprise.

To answer Jason's "Have you considered just changing the system so users
don't have their own groups and using groups properly?" -- that was
rejected at the time because it's a right pain to fix if you later want to
switch to the umask 002 scheme, and it buys you nothing (other than another
group (i.e. users) that is pretty much indistinguishable from nogroup,
except that it ends up with a lot of files belonging to it, just waiting
for their security to be undermined).

> If you know a way of achieving this kind of file sharing without setting
> umasks to 0002 then I'd love to hear it.

The plan was always for the local sysadmin to set the umask to 002.

Unfortunately, you came across the gdm bug as a result (thanks for that
tip, BTW -- I normally solve that by telling my xterms to act as login
shells, and so execute /etc/profile, so I'd not worked out that it was
GDM's fault -- I'll be switching to the Xsession workaround from now on)

Cheers, Phil.
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
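
The effect of the two umask values discussed in this thread on a shared directory with the group s-bit (setgid) set, as an added example that is not part of the original post. It assumes Linux with a `stat` that accepts `-c`, works in a scratch directory from `mktemp`, and the file names are made up.

```shell
#!/bin/sh
# Added demo: what umask 022 and umask 002 do to new files in a shared,
# setgid project directory. Everything happens in a throwaway directory.

# make_shared_dir: create a scratch directory with mode 2775
# (group rwx plus the setgid bit) and print its path.
make_shared_dir() {
    d=$(mktemp -d) || return 1
    chmod 2775 "$d" || return 1
    printf '%s\n' "$d"
}

# modes_under_umask MASK: create one file and one subdirectory in a fresh
# shared directory under the given umask; print "file=<mode> dir=<mode>".
# Runs in a subshell so the caller's umask is left alone.
modes_under_umask() {
    (
        shared=$(make_shared_dir) || exit 1
        umask "$1"
        : > "$shared/notes.txt"      # hypothetical project file
        mkdir "$shared/src"          # hypothetical project subdirectory
        f=$(stat -c '%a' "$shared/notes.txt")
        s=$(stat -c '%a' "$shared/src")
        rm -rf "$shared"
        printf 'file=%s dir=%s\n' "$f" "$s"
    )
}

# group_writable MODE: succeed if the octal mode grants write to the group
# (second-to-last digit has the 2 bit set).
group_writable() {
    case $1 in
        *[2367]?) return 0 ;;
        *)        return 1 ;;
    esac
}

for mask in 022 002; do
    result=$(modes_under_umask "$mask") || exit 1
    fmode=${result#file=}; fmode=${fmode%% *}
    if group_writable "$fmode"; then
        verdict="other group members can edit new files"
    else
        verdict="new files are read-only for the rest of the group"
    fi
    printf 'umask %s: %s -> %s\n' "$mask" "$result" "$verdict"
done
```

The setgid bit only decides which group new files belong to; whether that group can write to them is decided by each user's umask, and the same umask 002 applies to files created in the user's home directory, which then belong to the user's primary group.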

