I have been wondering for a long time (and did some searches) if it
would make sense for obsd to have a default umask of 0077, in the
/etc/profile or /etc/skel files on new installs, or what I'm missing.
I imagine it helping a new user who hasn't learned yet about umask, to
not create files readable by all other users, until ready for
that, thus being even more secure by default. Maybe the default
permissions on new home directories already covers that issue? Yet
there are possible files in the /tmp folder; I don't know in all cases
which is why I set my own system with 0077.
I've been running that way and the only problem I've noticed (so far) is
in some uses of pkg_add I had to set the umask back to 0022 first and
reset it after, for some things to work, which I did in a wrapper script.
Most likely it's just about my ignorance. Thanks.
ps: thanks for 6.9 etc!
No comments:
Post a Comment