From: Thorsten K. <ku...@su...> - 2010-10-20 09:08:11
|
On Wed, Oct 20, Dmitry V. Levin wrote: > Let's bring this discussion back to the list. > > On Fri, Oct 15, 2010 at 12:31:49PM +0200, Thorsten Kukuk wrote: > > On Thu, Oct 14, Dmitry V. Levin wrote: > > > > > I think it's time to prepare 1.1.3 release. > > > > Yes, I agree. I have still two open issues: > > - My suggestion to enhance the pam_env and pam_exec manual pages > > - pam_mkhomedir ignores the umask value for the home directory > > itself. I got quite some bug reports for that the last weeks. > > pam_mkhomedir currently honors the umask value for the home directory > itself, but it indeed ignores this value for all missing parent > directories and creates them with hardcoded permissions 0755. > I do not see how do you suggest to change this behavior. Hm, ok, closing the bug report now as Invalid ;) Sorry, I did trust the bug report without trying it myself. But maybe the bug report isn't very clear and it means they don't like the "create with 0755 and change later to final permissions". > Actually, pam_mkhomedir creates the home directory with hardcoded > permissions 0755, then populates it, and finally sets requires ownership > and permissions. I'd suggest to make it a bit more secure and create the > home directory with intermediate permissions 0700. I agree with you. > Also, there are no > need to check for parent directories on every recursion step. The only > place where missing parent directories should be created is the creation > of the home directory itself. I will take a look at that. Thorsten -- Thorsten Kukuk, Project Manager/Release Manager SLES SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg GF: Markus Rex, HRB 16746 (AG Nuernberg) |