diff --git a/SOURCES/shadow-utils.login.defs b/SOURCES/shadow-utils.login.defs index 0adfb66..12d516c 100644 --- a/SOURCES/shadow-utils.login.defs +++ b/SOURCES/shadow-utils.login.defs @@ -15,6 +15,20 @@ MAIL_DIR /var/spool/mail #MAIL_FILE .mail +# Default initial "umask" value used by login(1) on non-PAM enabled systems. +# Default "umask" value for pam_umask(8) on PAM enabled systems. +# UMASK is also used by useradd(8) and newusers(8) to set the mode for new +# home directories if HOME_MODE is not set. +# 022 is the default value, but 027, or even 077, could be considered +# for increased privacy. There is no One True Answer here: each sysadmin +# must make up their mind. +UMASK 022 + +# HOME_MODE is used by useradd(8) and newusers(8) to set the mode for new +# home directories. +# If HOME_MODE is not set, the value of UMASK is used to create the mode. +HOME_MODE 0700 + # Password aging controls: # # PASS_MAX_DAYS Maximum number of days a password may be used. @@ -59,10 +73,6 @@ SYS_GID_MAX 999 # CREATE_HOME yes -# The permission mask is initialized to this value. If not specified, -# the permission mask will be initialized to 022. -UMASK 077 - # This enables userdel to remove user groups if no members exist. # USERGROUPS_ENAB yes diff --git a/SPECS/shadow-utils.spec b/SPECS/shadow-utils.spec index 24e0573..81dfeef 100644 --- a/SPECS/shadow-utils.spec +++ b/SPECS/shadow-utils.spec @@ -1,7 +1,7 @@ Summary: Utilities for managing accounts and shadow password files Name: shadow-utils Version: 4.6 -Release: 10%{?dist} +Release: 11%{?dist} Epoch: 2 URL: http://pkg-shadow.alioth.debian.org/ Source0: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz @@ -259,6 +259,9 @@ done %{_mandir}/man8/vigr.8* %changelog +* Fri Aug 7 2020 Iker Pedrosa - 2:4.6-11 +- change UMASK value and add HOME_MODE in login.defs (#1777718) + * Tue May 5 2020 Iker Pedrosa - 2:4.6-10 - check only local groups when adding new supplementary groups to a user