Bug 1259

Summary: Set default umask to 0027 (Was: User's homedir world readable)
Product: Mageia Reporter: Frederik Himpe <fhimpe>
Component: RPM PackagesAssignee: Mageia Bug Squad <bugsquad>
Status: RESOLVED DUPLICATE QA Contact:
Severity: enhancement    
Priority: Normal CC: dmorganec, marja11, pterjan
Version: Cauldron   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: (Mga2)
Source RPM: bash 4.2-5.mga1 msec 0.80.10-2.mga1 CVE:
Status comment:

Description Frederik Himpe 2011-05-13 16:08:07 CEST 
The homedir of the user I created during the installer, had 755 permissions. Hence when I create a second user on my system using userdrake, this user can enter the first user's homedir and even read its documents (because default umask is 0022).

The homedir of the second user created using userdrake after the installation, had 0700 permissions, so that's fine.

Maybe you should also consider setting the default umask to 0027, as users have their private group anyway, and can simply add other users to their own private group if they want to make files accessible for others.
Comment 1 Ahmad Samir 2011-05-13 19:20:43 CEST 
First part is bug 618.

Keeping it open for the default umask changing suggestion.

There's no definite package which could have all these fixed, as the umask is set by /etc/bashrc and msec sets another umask, i.e. it's a mess.

CC: (none) => pterjan

Ahmad Samir 2011-05-13 19:56:51 CEST

Component: Installer => RPM Packages

Comment 2 Marja Van Waes 2011-10-13 17:31:55 CEST 
(In reply to comment #1)
> First part is bug 618.
> 
> Keeping it open for the default umask changing suggestion.
> 
> There's no definite package which could have all these fixed, as the umask is
> set by /etc/bashrc and msec sets another umask, i.e. it's a mess.

@ shlomif

As there isn't a msec maintainer yet, I'm assigning this bug to you (and AFAIK it is impossible to assign to two maintainers at the same time, anyway)

CC: (none) => marja11
Assignee: bugsquad => shlomif
Summary: User's homedir world readable => Set default umask to 0027 (Was: User's homedir world readable)
Source RPM: (none) => bash 4.2-5.mga1 msec 0.80.10-2.mga1
Severity: critical => enhancement

Comment 3 Marja Van Waes 2012-01-16 21:30:55 CET 
Pinging. because nothing happened to this report since more than 3 months ago, and it still has the status NEW or REOPENED.

@ Shlomif

There is a msec maintainer now, D Morgan. I'll cc him, but as you know, he might not see this comment. If you want to reassign this bug to him, that is fine with me (I suppose you'll have to work on it together, anyway)

CC: (none) => dmorganec

Comment 4 Shlomi Fish 2012-01-16 21:47:28 CET 
@ Marja: I'm assigning this to D Morgan.

Assignee: shlomif => dmorganec

Comment 5 Marja Van Waes 2012-05-26 13:09:30 CEST 
Hi,

This bug was filed against cauldron, but we do not have cauldron at the moment.

Please report whether this bug is still valid for Mageia 2.

Thanks :)

Cheers,
marja

Keywords: (none) => NEEDINFO

Marja Van Waes 2012-06-16 19:45:49 CEST

Keywords: NEEDINFO => (none)
Whiteboard: (none) => (Mga2)

Comment 6 Marja Van Waes 2013-04-25 20:16:01 CEST 
Still valid.

malo intends to change the default umask in shadow-utils to 0027 (see bug 618)
Comment 7 Marja Van Waes 2013-04-25 23:43:46 CEST 
(In reply to Marja van Waes from comment #6)

> malo intends to change the default umask in shadow-utils to 0027 (see bug
> 618)

https://ml.mageia.org/l/arc/dev/2013-04/msg00651.html :
> If the home is not even g+x, how are we supposed to share documents
> between users now?

> This will cause regressions for users that we were used to share
> documents between each other.
D Morgan 2013-09-17 23:51:31 CEST

Assignee: dmorganec => bugsquad

Comment 8 Samuel Verschelde 2016-10-11 21:11:07 CEST 
Closing as duplicate of bug 618 since any change would have to be done in a coherent way while solving it.

*** This bug has been marked as a duplicate of bug 618 ***

Status: NEW => RESOLVED
Resolution: (none) => DUPLICATE