Author: fsmithred Date: To: dng Subject: Re: [DNG] useradd defaults
On 04/03/2016 08:05 PM, Boruch Baum wrote: >
> 1] /etc/default/useradd. I don't know that I have easy access to a
> default debian image or /etc/default/useradd file in order to compare
> with my expectations, which were:
>
> HOME=/home
> INACTIVE=-1
> SHELL=/bin/bash
> SKEL=/etc/skel
> CREATE_MAIL_SPOOL=yes
>
My wheezy and squeeze are the same, with the addition of "EXPIRE=".
> 2] /etc/profile
>
> 2.2] umask. This was a shocker, security-wise. The default umask is set
> to 022 instead of the better 027 or, my preference, 077. My memory is
> that on other systems on which I've seen the command seemingly
> hard-coded for 022, the fix to 027 or 077 was placed in this file.
>
022 is standard for Debian.
>From man pam_umask: "Add the following line to /etc/pam.d/login to set the user specific
umask at login: