[Bug 253096] Re: pam_umask.so not called in /etc/pam.d/common-session{, -noninteractive}

Launchpad Bug Tracker 253096 at bugs.launchpad.net
Fri Jun 24 09:15:18 UTC 2011 

This bug was fixed in the package pam - 1.1.3-1ubuntu3

---------------
pam (1.1.3-1ubuntu3) oneiric; urgency=low

  [ Steve Langasek ]
  * debian/patches/pam_motd-legal-notice: use pam_modutil_gain/drop_priv
    common helper functions, instead of hand-rolled uid-setting code.

  [ Martin Pitt ]
  * debian/local/common-session{,-noninteractive}: Enable pam_umask by
    default, now that the umask setting is gone from /etc/profile.
    (LP: #253096, UbuntuSpec:umask-to-0002)
  * debian/local/pam-auth-update: Add the new md5sum of above files.
  * Add debian/patches-applied/pam_umask_usergroups_from_login.defs.patch:
    Deprecate pam_unix' explicit "usergroups" option and instead read it from
    /etc/login.def's "USERGROUP_ENAB" option if umask is only defined there.
    This restores compatibility with the pre-PAM behaviour of login.
    (Closes: #583958)
 -- Martin Pitt <martin.pitt at ubuntu.com>   Fri, 24 Jun 2011 11:07:57 +0200

** Changed in: pam (Ubuntu)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to pam in Ubuntu.
https://bugs.launchpad.net/bugs/253096

Title:
  pam_umask.so not called in /etc/pam.d/common-session{,-noninteractive}

Status in “pam” package in Ubuntu:
  Fix Released

Bug description:
  The pam_umask.so module determines the umask (from system and user
  config files) and sets it for users accordingly.

  from /etc/login.defs:
  # the use of pam_umask is recommended as the solution which
  # catches all these cases on PAM-enabled systems.

  The umask itself should not be set in /etc/pam.d/common-account, but
  pam_umask needs to be called from there.

  The system's default UMASK remains in /etc/login.defs, setting it in
  common-account would override login.defs *and* any user specific
  configs in gecos fields, see man pam_umask.

  The option "usergroups" is neccessary to have pam_umask check if the
  user has a private user group and re-enables appropriate group
  permission setting for save and easy user collaboration (Info in Bug
  #252351).

  The line needed to call pam_umask in /etc/pam.d/common-account is:
  session optional pam_umask.so usergroups

  (This reflects the settings that are in /etc/login.defs, but have not
  been working since pam broke it.)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pam/+bug/253096/+subscriptions

More information about the foundations-bugs mailing list