On Sun, May 22, 2022 at 10:30:48AM +0200, Vitaly Zaitsev via devel wrote:
> On 21/05/2022 20:57, Demi Marie Obenour wrote:
> > I think Fedora should go use an 0077 umask for this reason.
>
> Fedora is a general purpose distribution, so umask 0077 will create more
> problems than it solves.
>
> Also by default the /home directories have 0700 chmod so no one but the
> owner can access the files.
>
> 0022 will be better, IMO.

It doesn't make sense to vote which setting is best. We have a
configuration mechanism in /etc/login.defs which allows the
administrator to set a suitable default, and the other parts of the
distro must respect this configuration setting. (And as a distro, we
just make sure that the default value of the default is consistent
with other defaults, in particular how we set up users and groups.)

In the ancient times, it made sense for the login shell to set the
umask because it was the first program running as the user and the
settings it applied were inherited by all of the user session. But now
the shell is normally started as a child of other processes of the
user, so something else has to set those settings, and it stopped
making sense for the shell to try to set up the environment [*].

This is clearly described in
https://bugzilla.redhat.com/show_bug.cgi?id=1940375:
> please change /etc/bashrc to only touch umask if it is 000, and
> leave the existing setting otherwise.

This will resolve this discussion and fix other bugs too.

Zbyszek

[*] The only caveat to this is that when shell is started like
init=/bin/bash, it *is* the first thing running, and it needs to set
the umask in that case.
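The behaviour requested in the bug report quoted above, as an added example (not Fedora's /etc/bashrc and not code from this thread): keep an inherited umask, and only when it is 000 take the value from the UMASK line of /etc/login.defs. The function names, the 022 fallback and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: hypothetical helpers, not the contents of Fedora's /etc/bashrc.

# Print the first valid "UMASK <octal>" value from a login.defs-style file.
read_login_defs_umask() {
    awk '$1 == "UMASK" && $2 ~ /^[0-7]+$/ { print $2; exit }' "$1"
}

# Set the umask only when nothing earlier in the session has chosen one.
# $1: login.defs path; $2: fallback mask (assumed value, used only when
# the file has no usable UMASK line).
apply_default_umask() {
    adu_defs=${1:-/etc/login.defs}
    adu_fallback=${2:-022}
    # Any non-zero digit means a parent process already set the umask:
    # leave the existing setting alone.
    case $(umask) in
        *[!0]*) return 0 ;;
    esac
    # umask is 000: the shell may be the first thing running
    # (init=/bin/bash), so apply the administrator's configured value.
    adu_mask=$(read_login_defs_umask "$adu_defs" 2>/dev/null) || adu_mask=
    umask "${adu_mask:-$adu_fallback}"
}

# Demo on a constructed login.defs-style file (not a real system file).
# Subshells keep the umask changes from leaking into the caller.
demo_defs=$(mktemp)
printf '# constructed sample\n#UMASK 077\nUMASK\t\t027\n' > "$demo_defs"
( umask 077; apply_default_umask "$demo_defs"; echo "inherited 077 -> $(umask)" )
( umask 000; apply_default_umask "$demo_defs"; echo "inherited 000 -> $(umask)" )
rm -f "$demo_defs"
```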