From e1f06f07bcde9781f84f7a3695e607f14d6f6416 Mon Sep 17 00:00:00 2001 From: Chris Hofstaedtler Date: Sat, 22 Jun 2024 16:01:21 +0200 Subject: [PATCH] Set same umask policy as PAM by default Closes: #1068704, #1070085 --- debian/login.defs | 19 +------------------ 1 file changed, 1 insertion(+), 18 deletions(-) diff --git a/debian/login.defs b/debian/login.defs index 011494b9..e58b284e 100644 --- a/debian/login.defs +++ b/debian/login.defs @@ -116,32 +116,15 @@ TTYPERM 0600 # # ERASECHAR Terminal ERASE character ('\010' = backspace). # KILLCHAR Terminal KILL character ('\025' = CTRL/U). -# UMASK Default "umask" value. # # The ERASECHAR and KILLCHAR are used only on System V machines. # -# UMASK is the default umask value for pam_umask and is used by -# useradd and newusers to set the mode of the new home directories. -# 022 is the "historical" value in Debian for UMASK -# 027, or even 077, could be considered better for privacy -# There is no One True Answer here : each sysadmin must make up his/her -# mind. -# -# If USERGROUPS_ENAB is set to "yes", that will modify this UMASK default value -# for private user groups, i. e. the uid is the same as gid, and username is -# the same as the primary group name: for these, the user permissions will be -# used as group permissions, e. g. 022 will become 002. -# -# Prefix these values with "0" to get octal, "0x" to get hexadecimal. -# ERASECHAR 0177 KILLCHAR 025 -UMASK 022 # HOME_MODE is used by useradd(8) and newusers(8) to set the mode for new # home directories. -# If HOME_MODE is not set, the value of UMASK is used to create the mode. -#HOME_MODE 0700 +HOME_MODE 0700 # # Password aging controls: