[Gllug] File permissions and umask on Ubuntu (and I think probably, Debian)

John Winters john at sinodun.org.uk
Sun Jan 7 08:45:49 UTC 2007


Jason Clifford wrote:
> On Sat, 6 Jan 2007, John Winters wrote:
> 
>> describes how to configure things to set umask correctly using 
>> libpam-umask and I've done what it says.  This has had the desired 
>> effect on text mode logins, but not on Gnome sessions invoked through 
>> gdm.  I've tested putting different settings in 
>> /etc/pam.d/common-session and they come through correctly in an 
> >> old-fashioned login, but every time I log in through gdm I get 0022, 
>> regardless of what I asked for.
> 
> Have you considered just changing the system so users don't have their own 
> groups and using groups properly?

Just taking away the users' own groups wouldn't do anything to solve the 
original problem.

The rationale runs the other way around:

a) We want users to be able to work on shared material in a shared 
directory - e.g. a development project.
b) So we set up a group for the project, make all relevant users members 
of the group, set the group sticky bit on the directory and set users' 
umasks to 0002.
c) Ah, but that means compromising users' own private files, unless 
they're each given their own group.

The method is well known and well documented.  Unfortunately it seems to 
have been just half implemented (the latter half) in Debian.  Going 
through the change logs it appears that it used to be fully implemented, 
but some of the functionality was lost with the migration to using PAM.

If you know a way of achieving this kind of file sharing without setting 
umasks to 0002 then I'd love to hear it.  Asking users to keep changing 
their umasks depending on what kind of work they're doing is *not* feasible.


John
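
The scheme in points a) to c) above, as an added example that is not part of the original post: it builds a throwaway project directory with the setgid bit (`chmod g+s`, here `2775`), creates a file under each umask to show why 0022 breaks sharing, and checks whether the caller's primary group is named after the user. The function names and the temp directory are constructed for the demo; GNU or BSD `stat` is assumed.

```shell
#!/bin/sh
# Added example: umask vs. a setgid project directory (constructed demo in a temp dir).

# Print the octal permission bits of a path (GNU stat first, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Print the name of the group owning a path.
group_of() {
    stat -c '%G' "$1" 2>/dev/null || stat -f '%Sg' "$1"
}

# Create a file in directory $2 under umask $1 and print its mode.
# The body is a subshell, so the umask change does not leak into the caller.
mode_under_umask() (
    umask "$1"
    f="$2/made-with-$1"
    : > "$f"
    mode_of "$f"
)

# Succeeds when the primary group is named after the user, which is how
# Debian/Ubuntu name per-user private groups. It does not prove that
# nobody else has been added to that group.
has_private_group() {
    [ "$(id -gn)" = "$(id -un)" ]
}

demo() {
    shared=$(mktemp -d) || return 1
    chmod 2775 "$shared"   # rwxrwsr-x: new files take the directory's group
    echo "directory mode:   $(mode_of "$shared")"
    echo "file under 0022:  $(mode_under_umask 0022 "$shared")  (group cannot write)"
    echo "file under 0002:  $(mode_under_umask 0002 "$shared")  (group can write)"
    echo "file/dir group:   $(group_of "$shared/made-with-0002") / $(group_of "$shared")"
    if has_private_group; then
        echo "primary group looks private: 0002 leaves files in \$HOME owner-only in effect"
    else
        echo "primary group is shared: 0002 makes files in \$HOME writable by that group"
    fi
    rm -rf "$shared"
}

demo
```
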