On 06/18/2017 07:18 PM, stan wrote:
On Mon, 19 Jun 2017 05:49:20 +0800 Ed Greshko <ed.greshko@xxxxxxxxxxx> wrote:
You haven't described your environment.
Home workstation with no web facing services.
As a minor point, I'd mention that Fedora's default umask is 002, not
022, except for the root user.
I think either is fine. umask governs how you share files with other
authorized users of the local computer system (where "local" is defined
as all hosts sharing the same user database). I only share computing
systems with people that I want to work with, so the default umask of
002 is entirely appropriate.
For single-user systems (workstations), umask has no practical effect.
I don't believe there have been any changes in "today's security
atmosphere" relevant to collaborative work, where umask applies. That
phrase brings to mind an increase in malware, which is a concern, but
not one that umask can affect in any way. If malware makes its way on
to your workstation, it's almost certainly running under your account.
It has exactly the same permission as any one of your other processes.
umask doesn't change that.
It seems to me that linux depends a lot on file
permissions for security, particularly for root.
If we're going to discuss general security practices and principals, I'd
start with: Don't log in as root.
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
