Old 05-10-2010, 04:14 PM
Aaron Toponce
 
Default UPG and the default umask

Debian, by default, utilizes the user private group scheme (UPG). This
means that when a new user is created on a system, a group of the same
name, if not already in place, is created, and the user is placed in the
group, as the only user. Thus, when new files (dirs, etc) are created by
that user, the group added to that new file is the UPG of the user.

For example:

# useradd foo
# id foo
uid=1000(foo) gid=1000(foo) groups=1000(foo) [snip]
# su - foo
$ touch newfile
$ ls -l newfile
-rw-r--r-- 1 foo foo 0 May 10 10:05 newfile

So, the appropriate group is applied, and the user foo is the only
member of the foo group. But, do you see a problem? The group
permissions are 'r--', even though 'foo' is the only member of the 'foo'
group. This means the umask is '0022'. If we change the default umask to
'0002', then the appropriate permissions will be applied with the group:

$ umask 0002
$ touch anotherfile
$ ls -l anotherfile
-rw-rw-r-- 1 foo foo 0 May 10 10:06 anotherfile

As it sits, having the default umask set as '0022' isn't breaking
anything, but it's no longer needed. It's just historical baggage coming
from the 'users' group on older UNIX systems, where any new user added
to the system was added to the 'users' group by default. Thus, removing
the write bit made sense. It doesn't make any sense with UPG.

For comparison's sake, Fedora (and as a result, RHEL/CentOS/etc) have
implemented '0002' as their default umask, as they implement UPG.
openSUSE and family, however, still use the 'users' group, so it makes
sense for them to use '0022' for their value.

I guess I'm more or less curious why we're still using this outdated
umask value with UPG. What would it take for Debian to update our
default umask to match the UPG scheme? Is this doable for Squeeze? Are
there reasons for not making the switch?

Thanks,
--
. O . O . O . . O O . . . O .
. . O . O O O . O . O O . . O
O O O . O . . O O O O . O O O
 
Old 05-10-2010, 04:23 PM
Julien Cristau
 
Default UPG and the default umask

On Mon, May 10, 2010 at 10:14:00 -0600, Aaron Toponce wrote:

> I guess I'm more or less curious why we're still using this outdated
> umask value with UPG. What would it take for Debian to update our
> default umask to match the UPG scheme? Is this doable for Squeeze? Are
> there reasons for not making the switch?
>
Are there reasons for making the switch? With user groups, umask 002 or
022 doesn't make a difference. To switch off user groups, you set
USERGROUPS=no in adduser.conf, and that's it.

Cheers,
Julien
 
Old 05-10-2010, 04:40 PM
Aaron Toponce
 
Default UPG and the default umask

On 5/10/2010 10:23 AM, Julien Cristau wrote:
> On Mon, May 10, 2010 at 10:14:00 -0600, Aaron Toponce wrote:
> Are there reasons for making the switch? With user groups, umask 002 or
> 022 doesn't make a difference. To switch off user groups, you set
> USERGROUPS=no in adduser.conf, and that's it.

The biggest reason for making the change is when group collaboration
becomes a necessity. Suppose you have a 'devel' group on the system,
and a central directory where the collaboration happens. Because of the
default umask value being '0022', the users must make sure that they
have 'umask 0002' in their shell rc file, or as appropriate, or they
must be constantly calling chmod to change the group permissions when
new files are created. If the default umask is '0002' on a UPG system,
then this checklist item doesn't need to be worried about.

For example:

$ id
uid=1000(foo) gid=1000(foo) groups=1000(foo) [snip]
$ mkdir src
$ ls -ld src
drwxr-xr-x 45 foo foo 4096 May 10 10:36 src/
$ chgrp devel src
$ ls -ld src
drwxr-xr-x 45 foo devel 4096 May 10 10:36 src/
$ chmod g+ws src
$ ls -ld src
drwxrwsr-x 45 foo devel 4096 May 10 10:36 src/
$ cd src
$ touch foo.c
$ ls -l foo.c
-rw-r--r-- 45 foo devel 4096 May 10 10:36 foo.c
$ chmod g+w foo.c

etc.

Again, this headache can be eliminated by setting the umask to '0002' in
their .bashrc, .profile, etc, or it could just be set system-wide,
seeing as though we're implementing UPG from the outset.

In my professional experience, I've seen cron jobs set up to navigate to
a development directory, and 'chmod -R g+w *' to make sure the write bit
is set, which is rather pathetic (and inappropriate) if you ask me.

--
. O . O . O . . O O . . . O .
. . O . O O O . O . O O . . O
O O O . O . . O O O O . O O O
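
Added example (not part of the thread, and not Debian's own tooling): umask 0002 exposes no more than 0022 only when the user's primary group really is private, so this sketch checks that condition before suggesting a umask and then shows the mode a new file gets in a setgid shared directory like 'src' above. The passwd/group data is constructed, and the function names suggest_umask and new_file_perms are hypothetical.

```shell
#!/bin/sh
# Constructed sample account data (illustrative; not from any real system).
PASSWD_SAMPLE='foo:x:1000:1000::/home/foo:/bin/bash
bar:x:1001:1001::/home/bar:/bin/bash
baz:x:1002:100::/home/baz:/bin/bash
qux:x:1003:1001::/home/qux:/bin/bash'
GROUP_SAMPLE='users:x:100:
foo:x:1000:
bar:x:1001:
devel:x:2000:foo,bar'

# Print 0002 only if the user's primary group is a true private group:
# same name as the user, no other listed members, and no other account
# using that gid as its primary group. Otherwise print 0022.
suggest_umask() {
    printf '%s\n---\n%s\n' "$PASSWD_SAMPLE" "$GROUP_SAMPLE" |
    awk -F: -v u="$1" '
        $0 == "---" { ingroup = 1; next }
        !ingroup    { if ($1 == u) gid = $4; n[$4]++; next }
        $3 == gid   { gname = $1; members = $4 }
        END {
            ok = (gid != "" && n[gid] == 1 && gname == u &&
                  (members == "" || members == u))
            print (ok ? "0002" : "0022")
        }'
}

# Create a file under the given umask inside a temporary setgid directory
# (as with "chmod g+ws src" in the thread) and print its permission string.
new_file_perms() {
    dir=$(mktemp -d) || return 1
    chmod g+ws "$dir"
    ( umask "$1"; cd "$dir" && touch foo.c )
    ls -l "$dir/foo.c" | cut -c1-10
    rm -rf "$dir"
}

# foo has a private group; bar shares gid 1001 with qux; baz is in 'users'.
for u in foo bar baz; do
    m=$(suggest_umask "$u")
    printf '%s: umask %s -> %s\n' "$u" "$m" "$(new_file_perms "$m")"
done
```

On a real system the same check would read from 'getent passwd' and 'getent group' instead of the inline samples.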