[Bug 253096] Re: pam_umask.so not called in /etc/pam.d/common-session{, -noninteractive}
Martin Pitt
martin.pitt at ubuntu.com
Wed Jun 22 07:13:47 UTC 2011
Attached branch now adds pam_umask. I also tested that this works on
upgrade.
I did not add "usergroup", as this will be handled by parsing
/etc/login.defs for USERGROUP_ENAB, see
https://blueprints.launchpad.net/ubuntu/+spec/umask-to-0002
** Changed in: pam (Ubuntu)
Status: Triaged => Fix Committed
** Changed in: pam (Ubuntu)
Assignee: (unassigned) => Martin Pitt (pitti)
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to pam in Ubuntu.
https://bugs.launchpad.net/bugs/253096
Title:
pam_umask.so not called in /etc/pam.d/common-session{,-noninteractive}
Status in “pam” package in Ubuntu:
Fix Committed
Bug description:
The pam_umask.so module determines the umask (from system and user
config files) and sets it for users accordingly.
from /etc/login.defs:
# the use of pam_umask is recommended as the solution which
# catches all these cases on PAM-enabled systems.
The umask itself should not be set in /etc/pam.d/common-account, but
pam_umask needs to be called from there.
The system's default UMASK remains in /etc/login.defs, setting it in
common-account would override login.defs *and* any user specific
configs in gecos fields, see man pam_umask.
The option "usergroups" is neccessary to have pam_umask check if the
user has a private user group and re-enables appropriate group
permission setting for save and easy user collaboration (Info in Bug
#252351).
The line needed to call pam_umask in /etc/pam.d/common-account is:
session optional pam_umask.so usergroups
(This reflects the settings that are in /etc/login.defs, but have not
been working since pam broke it.)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pam/+bug/253096/+subscriptions
More information about the foundations-bugs
mailing list