[Bug 1685754] Re: 'systemd --user' unduly forces umask=0022

Launchpad Bug Tracker 1685754 at bugs.launchpad.net
Thu Mar 18 13:52:29 UTC 2021


This bug was fixed in the package systemd - 237-3ubuntu10.45

---------------
systemd (237-3ubuntu10.45) bionic; urgency=medium

  [ Ioanna Alifieraki ]
  * d/p/lp1911187-systemctl-do-not-shutdown-immediately-on-scheduled-shutdo.patch:
    Do not shutdown immediately when scheduled shutdown fails (LP: #1911187)
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=257135a59455f4e4063e78cdd3f5cfeca2597b5b

  [ Dimitri John Ledkov ]
  * d/p/lp1878969-meson-initialize-time-epoch-to-reproducible-builds-compat.patch:
    meson: initialize time-epoch to reproducible builds compatible value
    (LP: #1878969)
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=6f5a0c94ff4a486ee0b72af926672b24d16ff5a8

  [ Dan Streetman ]
  * d/p/lp1913189-test-accept-that-char-device-0-0-can-now-be-created-.patch:
    - Fix failing test case under 5.8 kernel (LP: #1913189)
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=15143ec6cd584a18866390a042348a543e5aa22d
  * d/p/lp1913423-hashmap-make-sure-to-initialize-shared-hash-key-atom.patch:
    Thread-safe init of hashmap shared key (LP: #1913423)
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=95c189adb9c3e22576b26b084c7edf001cbc8307
  * d/p/lp1890448-hwdb-Add-EliteBook-to-use-micmute-hotkey.patch:
    Add EliteBook to use micmute hotkey (LP: #1890448)
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=19b48bdac5129aa772fbcd2dbf8d1bb5c30c1510
  * d/p/debian/patches/lp1902553-test-disable-QEMU-based-testing-for-TEST-16-EXTEND-T.patch:
    Disable TEST-03 run under qemu (LP: #1902553)
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=4e37d20ec379d169cfd53088d0c3b4d7bb65d25b
  * d/p/debian/patches/lp1883447-seccomp-add-all-time64-syscalls.patch:
    Add *time64 syscalls (LP: #1883447)
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=a459492c67c5c5855b03daca4b44141705495376
  * d/p/lp1685754-pid1-by-default-make-user-units-inherit-their-umask-.patch:
    Inherit umask for --user processes (LP: #1685754)
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=00df8d0e76975594adb765182c587ef495262fe1
  * d/p/debian/patches/lp1880258-log-nxdomain-as-debug.patch:
    Change NXDOMAIN 'errors' to log level debug (LP: #1880258)
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=9684abed02669bfcf696763b887518cf54cd3f69
  * d/p/lp1913763-udev-rules-add-rule-to-create-dev-ptp_hyperv.patch:
    Create symlink for hyperv-provided ptp device (LP: #1913763)
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=ff2a9ed2ece6bbd86a3d57f42b26cb1a6ca2845a

 -- Ioanna Alifieraki <ioanna-maria.alifieraki at canonical.com>  Tue, 23 Feb 2021 03:45:01 +0200

** Changed in: systemd (Ubuntu Bionic)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1685754

Title:
  'systemd --user' unduly forces umask=0022

Status in systemd:
  Unknown
Status in systemd package in Ubuntu:
  Fix Released
Status in systemd source package in Bionic:
  Fix Released

Bug description:
  [impact]

  pam_umask, from /etc/passwd, is not honored in systemd --user
  instances

  [test case]

  on a desktop system, edit /etc/passwd to change the test user entry
  (e.g. the 'ubuntu' user) to include 'umask=007' in the GECOS field
  (5th field). For example change:

  ubuntu:x:1000:1000:Ubuntu:/home/ubuntu:/bin/bash

  to:

  ubuntu:x:1000:1000:Ubuntu,umask=007:/home/ubuntu:/bin/bash

  You may need to reboot for your X session to pick up the change.

  Then, from the graphical desktop, open a terminal and run:

  $ gnome-terminal -e sh

  in the opened terminal, run:

  $ umask

  the number shown should be 0007, as set in the passwd file

  [regression potential]

  any regression would likely result in an incorrect umask for the user
  whose passwd entry is modified.

  [scope]

  this is needed only for b

  this is fixed in systemd upstream by commit
  5e37d1930b41b24c077ce37c6db0e36c745106c7 which was first included in
  v246, so this is fixed in g and later. This commit was also picked up
  by Debian and included in the v245 release for focal, so this is fixed
  in focal already.

  [original description]

  In order to set the default umask of my users to 027 or 007, I
  followed the instructions provided in 'man pam_umask' :

  In the 'gecos' field of '/etc/passwd', I have inserted 'umask=027' or
  'umask=007' (for myself).

  Then, MOST graphical applications systematically run with the correct
  umask.

  In particular, when I press Alt-F2, run 'xterm sh' and type 'umask',
  it systematically displays 0007.

  But when I press Alt-F2, run 'gnome-terminal -e sh' and type 'umask',
  it systematically displays 0022.

  That is BAD, and is a security issue.

  Workaround: Inside the newly created '/etc/profile.d/umask.sh', and in each '~/.bashrc', add the following content:
  UMASK="$(grep  -o  "^$USER:.*,umask=0[0-7]*"  /etc/passwd)"
  if  [ "$UMASK" ];  then
    umask  "${UMASK#$USER:*,umask=}"
  fi

  In fact, 'gnome-terminal' MUST NOT force umask=022, but keep umask
  unchanged.

  Thank you in advance for a quick correction.

  ProblemType: Bug
  DistroRelease: Ubuntu 17.04
  Package: gnome-terminal 3.20.2-1ubuntu8
  ProcVersionSignature: Ubuntu 4.10.0-19.21-generic 4.10.8
  Uname: Linux 4.10.0-19-generic x86_64
  ApportVersion: 2.20.4-0ubuntu4
  Architecture: amd64
  CurrentDesktop: X-Cinnamon
  Date: Mon Apr 24 08:36:58 2017
  InstallationDate: Installed on 2017-03-28 (26 days ago)
  InstallationMedia: Ubuntu-GNOME 17.04 "Zesty Zapus" - Beta amd64 (20170321)
  SourcePackage: gnome-terminal
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/systemd/+bug/1685754/+subscriptions
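
An added example, not part of the bug report or of the systemd patch: a POSIX shell check that compares the umask= entry in a user's GECOS field with the Umask: line of a process's /proc/<pid>/status file (assumed to be available, which requires Linux 4.7 or later). The function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the bug report): compare a process umask with the
# umask= entry that pam_umask reads from the user's GECOS field.

# Print the umask= value from the GECOS (5th) field of user $1 in the
# passwd-format file $2; print nothing if there is no such entry.
gecos_umask() {
    awk -F: -v user="$1" '
        $1 == user {
            n = split($5, part, ",")
            for (i = 1; i <= n; i++)
                if (part[i] ~ /^umask=[0-7]+$/) { print substr(part[i], 7); exit }
        }' "$2"
}

# Print the Umask: value from a /proc/<pid>/status file given as $1.
status_umask() {
    awk '$1 == "Umask:" { print $2 }' "$1"
}

# Return 0 if the process umask matches the GECOS entry, 1 if it differs,
# 2 if the user has no umask= entry or the status file has no Umask: line.
check_umask() {   # usage: check_umask USER PASSWD_FILE STATUS_FILE
    want=$(gecos_umask "$1" "$2")
    have=$(status_umask "$3")
    [ -n "$want" ] && [ -n "$have" ] || return 2
    # Compare as octal numbers so that 007 and 0007 are equal.
    [ "$((0$want))" -eq "$((0$have))" ]
}

# Constructed sample data: the passwd line from the test case, and the
# Umask: lines of a process that inherited 0007 and of one forced to 0022.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf '%s\n' 'ubuntu:x:1000:1000:Ubuntu,umask=007:/home/ubuntu:/bin/bash' \
              'other:x:1001:1001:Other:/home/other:/bin/bash' > "$demo_dir/passwd"
printf 'Name:\tsh\nUmask:\t0007\n' > "$demo_dir/status.ok"
printf 'Name:\tsh\nUmask:\t0022\n' > "$demo_dir/status.bad"

for f in status.ok status.bad; do
    if check_umask ubuntu "$demo_dir/passwd" "$demo_dir/$f"; then
        echo "$f: umask matches GECOS entry"
    else
        echo "$f: umask does NOT match GECOS entry"
    fi
done
```

On a live system, run check_umask "$USER" /etc/passwd /proc/$$/status from the shell opened by gnome-terminal in the test case.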


