Old 05-12-2010, 12:21 AM
Charles Plessy
 
Default UPG and the default umask

On Mon, May 10, 2010 at 10:40:58AM -0600, Aaron Toponce wrote:
> On 5/10/2010 10:23 AM, Julien Cristau wrote:
> > On Mon, May 10, 2010 at 10:14:00 -0600, Aaron Toponce wrote:
> > Are there reasons for making the switch? With user groups, umask 002 or
> > 022 doesn't make a difference. To switch off user groups, you set
> > USERGROUPS=no in adduser.conf, and that's it.
>
> The biggest reason for making the change is when group collaboration
> becomes a necessity. Suppose you have a 'devel' group on the system,
> and a central directory where the collaboration happens. Because of the
> default umask value being '0022', the users must make sure that they
> have 'umask 0002' in their shell rc file, or as appropriate, or they
> must be constantly calling chmod to change the group permissions when
> new files are created. If the default umask is '0002' on a UPG system,
> then this checklist item doesn't need to be worried about.

Dear all,

I agree with the above. See for instance the case of Alioth, where many
documented operations start with ‘umask 002’:
http://www.google.com/search?q=alioth+"umask+002"

If this umask is the convention in most other unix systems that use private
user groups by default, perhaps we should follow the principle of least
surprise and adopt the same default. On the other hand, the principle
of least surprise has also been invoked against having an umask of 002,
in http://bugs.debian.org/248140.

The default of 022 is also not completely in line with the Securing Debian Manual:
‘Debian's scheme solves this problem by assigning each user to their own group;
so that with a proper umask (0002) and the SETGID bit set on a given project
directory, the correct group is automatically assigned to files created in that
directory. This makes it easier for people who work on multiple projects,
because they will not have to change groups or umasks when working on shared
files.’
http://www.debian.org/doc/manuals/securing-debian-howto/ch12.en.html#s12.1.13

The decision of using 022 as a default umask seems to have been taken in 1994,
after discussions that I did not have time to read this morning:
http://lists.debian.org/debian-user/1994/03/msg00105.html
(and other off-thread messages in http://lists.debian.org/debian-user/1994/03/threads.html)
Perhaps 16 years later, in light of the experience accumulated in Debian and in the
other distributions, we can re-think the default in Debian, that seems to be
at odds with current practices?

Have a nice day,

--
Charles Plessy
Tsurumi, Kanagawa, Japan


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/20100512002101.GA9625@kunpuu.plessy.org
 
Old 05-12-2010, 01:09 AM
Russ Allbery
 
Default UPG and the default umask

Julien Cristau <jcristau@debian.org> writes:
> On Mon, May 10, 2010 at 10:14:00 -0600, Aaron Toponce wrote:

>> I guess I'm more or less curious why we're still using this outdated
>> umask value with UPG. What would it take for Debian to update our
>> default umask to match the UPG scheme? Is this doable for Squeeze? Are
>> there reasons for not making the switch?

> Are there reasons for making the switch? With user groups, umask 002 or
> 022 doesn't make a difference. To switch off user groups, you set
> USERGROUPS=no in adduser.conf, and that's it.

Aaron already explained this, but I was confused for quite some time about
the point of UPG and I'm not sure I would have gotten it from his
explanation, so let me say basically the same thing he said in different
words.

The purpose of UPG is not to use the user private group for any sort of
access control. Rather, the point is to put each user in a group where
they're the only member so that they can safely use a default umask of 002
without giving someone else write access to all their files. Then, the
right thing will happen when that user edits files in a shared space owned
by some *other* group. Without UPG, you can't safely set a umask of 002,
but when UPG is in place, you should be able to without broadening the
access granted to the user's own files by default. It then makes project
directories with a sticky GID bit *much* more useful.

UPG without a umask of 002 is pointless. One may as well just put all
users in a users group.

--
Russ Allbery (rra@debian.org) <http://www.eyrie.org/~eagle/>


--
Archive: http://lists.debian.org/87fx1ykjrt.fsf@windlord.stanford.edu
 
Old 05-12-2010, 03:38 AM
Aaron Toponce
 
Default UPG and the default umask

On 05/11/2010 07:09 PM, Russ Allbery wrote:
> Aaron already explained this, but I was confused for quite some time about
> the point of UPG and I'm not sure I would have gotten it from his
> explanation, so let me say basically the same thing he said in different
> words.
>
> The purpose of UPG is not to use the user private group for any sort of
> access control. Rather, the point is to put each user in a group where
> they're the only member so that they can safely use a default umask of 002
> without giving someone else write access to all their files. Then, the
> right thing will happen when that user edits files in a shared space owned
> by some *other* group. Without UPG, you can't safely set a umask of 002,
> but when UPG is in place, you should be able to without broadening the
> access granted to the user's own files by default. It then makes project
> directories with a sticky GID bit *much* more useful.
>
> UPG without a umask of 002 is pointless. One may as well just put all
> users in a users group.

Well said.

--
. O . O . O . . O O . . . O .
. . O . O O O . O . O O . . O
O O O . O . . O O O O . O O O
 
Old 05-12-2010, 04:26 AM
Noah Meyerhans
 
Default UPG and the default umask

On Tue, May 11, 2010 at 06:09:58PM -0700, Russ Allbery wrote:
> UPG without a umask of 002 is pointless. One may as well just put all
> users in a users group.

Right, our default setup is a strange and basically meaningless blend of
two different approaches to user primary groups.

One approach would be for users to be in a shared group (typically
"users", but a project- or organization-specific group would also be
common) and would have a more restrictive default umask (probably 022,
or maybe something even more restrictive like 077). Users can then share
files with other members of their primary group by granting access using
chmod.

The other approach is to use private groups, like we do in Debian, but
with a more permissive default umask (probably 002). Collaboration is
then achieved by setting the setgid bit on a directory where the
collaborative work is being done.

Either of these approaches is OK. User's files are not writable by
anybody but that user unless explicit steps are taken.

Our default settings, however, break both of these approaches. The
first doesn't work because the group permissions are effectively
meaningless, since there isn't anybody but the user in the group. The
second is broken because the umask is too restrictive, so changing the
group ownership of a file doesn't accomplish anything.

It would be interesting to see the discussion that led to our current
default setup, if anybody feels like combing the archives...

noah
 
Old 05-12-2010, 06:56 AM
Holger Levsen
 
Default UPG and the default umask

Hi,

On Wednesday, 12 May 2010, Noah Meyerhans wrote:
> Right, our default setup is a strange and basically meaningless blend of
> two different approaches to user primary groups.
[...]
> Either of these approaches is OK. User's files are not writable by
> anybody but that user unless explicit steps are taken.
>
> Our default settings, however, break both of these approaches.
[..]
> It would be interesting to see the discussion that led to our current
> default setup, if anybody feels like combing the archives...

Wouldn't it be more interesting to file a bug and get it fixed for squeeze?
Mailing list discussions tend to get, well, forgotten...


cheers,
Holger
 
Old 05-12-2010, 07:19 AM
Stefano Zacchiroli
 
Default UPG and the default umask

On Tue, May 11, 2010 at 06:09:58PM -0700, Russ Allbery wrote:
> Aaron already explained this, but I was confused for quite some time about
> the point of UPG and I'm not sure I would have gotten it from his
> explanation, so let me say basically the same thing he said in different
> words.
<snip>
> UPG without a umask of 002 is pointless. One may as well just put all
> users in a users group.

[ As always, I'm impressed by your ability to expose things clearly ]

Can you, or Aaron, or anyone else interested in the matter submit a
proper bug report (at least against "login" for /etc/login.defs)
summarizing the point in favor and against the change (if any resisted
this presentation)?

That way it would be easier to track the status of this proposed change.

Cheers.

--
Stefano Zacchiroli -o- PhD in Computer Science PostDoc @ Univ. Paris 7
zack@{upsilon.cc,pps.jussieu.fr,debian.org} -<>- http://upsilon.cc/zack/
Dietro un grande uomo c' ..| . |. Et ne m'en veux pas si je te tutoie
sempre uno zaino ...........| ..: |.... Je dis tu tous ceux que j'aime
 
Old 05-13-2010, 01:43 AM
Charles Plessy
 
Default UPG and the default umask

found 248140 5.3
thanks

Dear Santiago,

You probably have seen the discussion about user private groups on debian-devel
this week: http://lists.debian.org/msgid-search/4BE830C8.5050009@gmail.com

The core argument is that user private groups are not meant to be shared,
and that therefore an umask of 002 does not create a security risk. On the other
hand, an umask of 022 prevents harvesting the benefits of user
private groups. See in particular the summary from Russ Allbery:
http://lists.debian.org/87fx1ykjrt.fsf@windlord.stanford.edu

I read this bug report (http://bugs.debian.org/248140) and indeed, if users
have become used to Debian having an umask of 022, perhaps the change could be
surprising. However, it would not affect existing systems. I can propose a
patch to the release notes if people think it would be useful.

If no stronger objections against a change from 022 to 002 are raised, would you
agree to changing base-files so that /etc/profile uses 002 on new systems?

Have a nice day,

--
Charles Plessy
Tsurumi, Kanagawa, Japan


--
Archive: http://lists.debian.org/20100513014356.GA15982@kunpuu.plessy.org
 
Old 05-13-2010, 09:34 AM
Philipp Kern
 
Default UPG and the default umask

On 2010-05-13, Charles Plessy <plessy@debian.org> wrote:
> If no stronger objections against a change from 022 to 002 are raised, would you
> agree to changing base-files so that /etc/profile uses 002 on new systems?

Doesn't that lead to "great fun" if you activate NIS or similar means
to sync unix users and groups on such systems, if they aren't set up to
use UPG too? So that would need a big fat warning in the release notes
and somehow I fear bad PR. :P

Kind regards,
Philipp Kern


--
Archive: http://lists.debian.org/slrnhunhsn.2hq.trash@kelgar.0x539.de
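
The precondition discussed in this thread (a default umask of 002 is only safe when each user's primary group has no other members) can be checked mechanically. The following is an added example, not part of any poster's message; the account data is constructed and the function name `shared_primary_groups` is hypothetical.

```python
# Added example: flag accounts for which a default umask of 002 is not safe,
# i.e. whose primary group has other members (no user private group).
# The sample data below is constructed, in passwd(5)/group(5) format.
SAMPLE_PASSWD = """\
alice:x:1000:1000::/home/alice:/bin/bash
bob:x:1001:1001::/home/bob:/bin/bash
carol:x:1002:100::/home/carol:/bin/bash
dave:x:1003:100::/home/dave:/bin/bash
erin:x:1004:1004::/home/erin:/bin/bash
"""
SAMPLE_GROUP = """\
users:x:100:
alice:x:1000:
bob:x:1001:
erin:x:1004:mallory
devel:x:2000:alice,bob
"""


def _records(text):
    """Yield colon-split fields for each non-empty, non-comment line."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield line.split(":")


def shared_primary_groups(passwd_text, group_text):
    """Map each user whose primary group is shared to the other accounts in
    that group; with umask 002 those accounts could write the user's files."""
    primary = {f[0]: int(f[3]) for f in _records(passwd_text)}
    listed = {int(f[2]): {m for m in f[3].split(",") if m}
              for f in _records(group_text)}
    findings = {}
    for user, gid in primary.items():
        # Other accounts that have the same primary GID ...
        others = {u for u, g in primary.items() if g == gid and u != user}
        # ... plus accounts listed as members of that group in group(5).
        others |= listed.get(gid, set()) - {user}
        if others:
            findings[user] = sorted(others)
    return findings


if __name__ == "__main__":
    # On a real host, feed the output of `getent passwd` and `getent group`
    # so that NIS/LDAP accounts are included, not only the local files.
    result = shared_primary_groups(SAMPLE_PASSWD, SAMPLE_GROUP)
    for user, others in sorted(result.items()):
        print(f"{user}: primary group shared with {', '.join(others)}")
```

Membership of a project group such as `devel` is not flagged, because it is a supplementary group and not anyone's primary group.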
 
Old 05-13-2010, 09:38 AM
Andrei Popescu
 
Default UPG and the default umask

On Thu,13.May.10, 09:34:15, Philipp Kern wrote:
> On 2010-05-13, Charles Plessy <plessy@debian.org> wrote:
> > If no stronger objections against a change from 022 to 002 are raised, would you
> > agree to changing base-files so that /etc/profile uses 002 on new systems?
>
> Doesn't that lead to "great fun" if you activate NIS or similar means
> to sync unix users and groups on such systems, if they aren't set up to
> use UPG too? So that would need a big fat warning in the release notes
> and somehow I fear bad PR. :P

How about a message on debian-security-announce ?

Regards,
Andrei
--
Offtopic discussions among Debian users and developers:
http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic
 
Old 05-13-2010, 09:45 AM
Lucas Nussbaum
 
Default UPG and the default umask

On 13/05/10 at 09:34 +0000, Philipp Kern wrote:
> On 2010-05-13, Charles Plessy <plessy@debian.org> wrote:
> > If no stronger objections against a change from 022 to 002 are raised, would you
> > agree to changing base-files so that /etc/profile uses 002 on new systems?
>
> Doesn't that lead to "great fun" if you activate NIS or similar means
> to sync unix users and groups on such systems, if they aren't set up to
> use UPG too?

How would that result in a problem?

- Lucas


--
Archive: http://lists.debian.org/20100513094504.GA31554@xanadu.blop.info
 
