Bug 938574 - sys-auth/pambase-20240128 add pam_umask.so
Summary: sys-auth/pambase-20240128 add pam_umask.so
Status: UNCONFIRMED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo's Team for Core System packages
Reported: 2024-08-27 22:00 UTC by Esteve Varela Colominas
Modified: 2024-08-28 14:49 UTC
Description Esteve Varela Colominas 2024-08-27 22:00:06 UTC
I write this ticket to advocate for the addition of the "pam_umask.so" plugin.

This plugin, when enabled, will by default honor the "UMASK" value specified in /etc/login.defs, which is historically what you'd be modifying to set the default umask value. By default, this is 022, which is what everyone already has on their systems, so adding this plugin should not cause any disturbances.

I think it's sensible to add this line to /etc/pam.d/system-login (which is inherited both by login/system-local-login and sshd/system-remote-login):

    session		optional	pam_umask.so
Comment 1 Esteve Varela Colominas 2024-08-27 22:39:51 UTC
Arch Linux seems to agree: https://gitlab.archlinux.org/archlinux/packaging/packages/pambase/-/blob/main/system-login?ref_type=heads

Slackware puts it in the elogind-user file.

Debian and Ubuntu put it in common-session and common-session-noninteractive, which is inherited by login, su, sudo, sshd, etc.

Fedora puts it in postlogin (file generated by authselect), which is inherited by login, su, sshd, etc.

OpenSUSE puts it in common-session and common-session-nonlogin, which is... only inherited by smtp? There's no login, su, sshd and other files...
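
Added example, not part of the bug report or of pambase: a small audit that follows `include`/`substack`/`@include` chains in a PAM directory to show which services end up with `pam_umask.so` in their session stack, and reads the `UMASK` value from a login.defs file. The file contents, the `example-daemon` service and all function names are constructed for illustration; only the system-login inheritance layout is taken from the description above.

```python
import os
import tempfile

def session_modules(pam_dir, service, seen=None):
    """Session modules a service ends up with, following include chains."""
    seen = set() if seen is None else seen
    path = os.path.join(pam_dir, service)
    if service in seen or not os.path.isfile(path):
        return []                                   # include loop or missing file
    seen.add(service)
    mods = []
    with open(path) as fh:
        for raw in fh:
            f = raw.split("#", 1)[0].split()        # drop comments, tokenize
            if len(f) >= 2 and f[0] == "@include":  # Debian-style include
                mods += session_modules(pam_dir, f[1], seen)
            elif len(f) >= 3 and f[0].lstrip("-") == "session":
                if f[1] in ("include", "substack"):
                    mods += session_modules(pam_dir, f[2], seen)
                else:                               # also copes with [a=b c=d] controls
                    so = next((x for x in f[2:] if x.endswith(".so")), None)
                    if so:
                        mods.append(os.path.basename(so))
    return mods

def login_defs_umask(path):
    """UMASK value from a login.defs-style file, or None if unset."""
    with open(path) as fh:
        for raw in fh:
            f = raw.split("#", 1)[0].split()
            if len(f) >= 2 and f[0] == "UMASK":
                return f[1]
    return None

SAMPLE = {  # constructed files; layout follows the description in the report
    "system-login": "session required pam_env.so\nsession optional pam_umask.so\n",
    "system-local-login": "session include system-login\n",
    "system-remote-login": "session include system-login\n",
    "login": "session include system-local-login\n",
    "sshd": "session include system-remote-login\n",
    "example-daemon": "session required pam_limits.so\n",  # hypothetical service
    "login.defs": "# constructed sample\nUMASK 022\n",
}

def demo():
    with tempfile.TemporaryDirectory() as d:
        for name, body in SAMPLE.items():
            with open(os.path.join(d, name), "w") as fh:
                fh.write(body)
        covered = {s: "pam_umask.so" in session_modules(d, s)
                   for s in ("login", "sshd", "example-daemon")}
        return covered, login_defs_umask(os.path.join(d, "login.defs"))
```

Pointing `session_modules` at a real `/etc/pam.d` shows which services would not pick up the login.defs umask because they never include the file carrying the `pam_umask.so` line.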