[Bug 1093396] [NEW] Umask resulting of USERGROUPS_ENAB is ignored with sudo/kdesudo

xor 1093396 at bugs.launchpad.net
Mon Dec 24 05:27:54 UTC 2012 

Public bug reported:

- By default, /etc/login.defs has configured "USERGROUPS_ENABLE=yes". The part where you configure the UMASK in login.defs explains what this does to the UMASK:
    # If USERGROUPS_ENAB is set to "yes", that will modify this UMASK default value
    # for private user groups, i. e. the uid is the same as gid, and username is
    # the same as the primary group name: for these, the user permissions will be
    # used as group permissions, e. g. 022 will become 002.

- This should cause any newly created files by those users to be
writable by the group. However, this usergroups behavior is ignored when
the shell of the user is launched via sudo (or kdesudo) and the default
UMASK is used instead. This results in the files NOT being writable by
the group.

Reproducing it using Kubuntu12.10 amd64:

- Within a rootshell, create a user account with the following command:
    useradd --create-home --shell /bin/bash --user-group testuser

- Still as root, do
    sudo -u testuser -i

- Within the shell of the testuser, do
    touch testfile
    ll

- You will see that the file is NOT writable for the group.

- If you use "su - testuser" instead of sudo, the umask WILL be correct.

- The same issue applies to kdesudo.

** Affects: sudo (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to sudo in Ubuntu.
https://bugs.launchpad.net/bugs/1093396

Title:
  Umask resulting of USERGROUPS_ENAB is ignored with sudo/kdesudo

Status in “sudo” package in Ubuntu:
  New

Bug description:
  - By default, /etc/login.defs has configured "USERGROUPS_ENABLE=yes". The part where you configure the UMASK in login.defs explains what this does to the UMASK:
      # If USERGROUPS_ENAB is set to "yes", that will modify this UMASK default value
      # for private user groups, i. e. the uid is the same as gid, and username is
      # the same as the primary group name: for these, the user permissions will be
      # used as group permissions, e. g. 022 will become 002.

  - This should cause any newly created files by those users to be
  writable by the group. However, this usergroups behavior is ignored
  when the shell of the user is launched via sudo (or kdesudo) and the
  default UMASK is used instead. This results in the files NOT being
  writable by the group.

  Reproducing it using Kubuntu12.10 amd64:

  - Within a rootshell, create a user account with the following command:
      useradd --create-home --shell /bin/bash --user-group testuser

  - Still as root, do
      sudo -u testuser -i

  - Within the shell of the testuser, do
      touch testfile
      ll

  - You will see that the file is NOT writable for the group.

  - If you use "su - testuser" instead of sudo, the umask WILL be
  correct.

  - The same issue applies to kdesudo.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1093396/+subscriptions

More information about the foundations-bugs mailing list