Re: libpam_umask setup

On Apr 30, 12:30 pm, NN_il_Confusionario <pinkof.pal...@tiscalinet.it> wrote:
> > * From: Bug <recvf...@gmail.com>
> >But when I login in, I still get umask 022. What step am I missing?
>
> I do not use pam_umask , but:
>
> (1) /usr/share/doc/libpam-umask/README says:
>
> If a user has a .pam_umask
> in his home directory, the contents will be used to set the umask.
>
> (2) Linkname: pam_umask(8) - Linux man page
> URL:http://linux.die.net/man/8/pam_umask
> says
>
> The PAM module tries to get the umask value from the following places in the following
> order:
> * umask= argument
> * umask= entry of the users GECOS field
> * pri= entry of the users GECOS field
> * ulimit= entry of the users GECOS field
> * UMASK= entry from /etc/default/login
> * UMASK entry from /etc/login.defs
>
> It also speaks about a debug option.
>
> Looking at the sources (apt-get source libpam-umask), I dubt that the
> man page applies to the debian version of libpam-umask, but a look at
> the above files (/etc/passwd) might be worthy.

Yes, the source doesn't indicate anything like that. It tried ~/.pam_umask
and then the "system" umask, passed as a argument in the form umask=[N]NNN.

I find this package a bit maddening. It mixes hyphens and underscores in names,
paths, etc. Although I have to admit, I've never seen a Debian package name with
an underscore in the name, so if that's the constraint, it can cause confusion.

The documentation is lacking some detail too, e.g. only by looking at the source
would you know that the ~/.pam_umask file should only contain [N]NNN, and not
umask=[N]NNN, or some other form. Where does one make suggestions for
improvement? To the package maintainer?

> (3) perhaps a
>
> # strace -f -o /tmp/login.strace.log login -f user
>
> might help

Those were all good suggestions, but when I tried the last one and found the
umask set as I expected, I went hunting. I was logging in via ssh using public
key authentication, and UsePAM was set to 'no' in my /etc/ssh/ sshd_config
file. My fault entirely! Now fixed and working properly. But perhaps the
lively discussion found at http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=314539 deserved another caveat.

Thanks for the pointers -- you saved the day!!!

-r

-- 
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related lists.debian.org Links debian-announce debian-apache debian-arm-changes debian-beowulf debian-boot debian-cd debian-cd-vendors debian-changes debian-changes-digest debian-isp debian-kde debian-laptop debian-mirrors-announce debian-news debian-security debian-security-announce debian-testing debian-user debian-user-digest Request more information about Pantek