:: Re: [DNG] useradd defaults
Author: fsmithred
Date:  
To: dng
Subject: Re: [DNG] useradd defaults
On 04/03/2016 08:05 PM, Boruch Baum wrote:
>
> 1] /etc/default/useradd. I don't know that I have easy access to a
> default debian image or /etc/default/useradd file in order to compare
> with my expectations, which were:
>
> HOME=/home
> INACTIVE=-1
> SHELL=/bin/bash
> SKEL=/etc/skel
> CREATE_MAIL_SPOOL=yes
>


My wheezy and squeeze are the same, with the addition of "EXPIRE=".


> 2] /etc/profile
>
> 2.2] umask. This was a shocker, security-wise. The default umask is set
> to 022 instead of the better 027 or, my preference, 077. My memory is
> that on other systems on which I've seen the command seemingly
> hard-coded for 022, the fix to 027 or 077 was placed in this file.
>


022 is standard for Debian.

From man pam_umask:

"Add the following line to /etc/pam.d/login to set the user specific
umask at login:

session optional pam_umask.so umask=0022"

Or set it to what you want.

-fsr
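
To make the difference between the three umask values discussed in this thread concrete, here is an added example (not part of the original message) that creates a file and a directory under each mask and reports the resulting permissions. The function name `modes_under_umask` is made up for this illustration.

```shell
#!/bin/sh
# Added illustration: show the permissions a newly created file and directory
# receive under a given umask. Everything runs in a subshell, so the caller's
# own umask is left untouched.
modes_under_umask() {
    (
        umask "$1" || exit 1
        dir=$(mktemp -d) || exit 1      # scratch directory, removed below
        : > "$dir/file"                 # created with 0666, reduced by the umask
        mkdir "$dir/subdir"             # created with 0777, reduced by the umask
        f=$(ls -ld "$dir/file" | cut -c1-10)
        d=$(ls -ld "$dir/subdir" | cut -c1-10)
        rm -rf "$dir"
        printf '%s %s\n' "$f" "$d"
    )
}

# 022 is the Debian default mentioned above; 027 and 077 are the stricter
# values proposed in the quoted message.
for m in 022 027 077; do
    printf 'umask %s: %s\n' "$m" "$(modes_under_umask "$m")"
done
```

With 022 every local user can read new files and list new directories; 027 limits that to the owning group; 077 limits it to the owner.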