:: Re: [DNG] useradd defaults
Top Page
Delete this message
Reply to this message
Author: Rainer Weikusat
Date:  
To: dng
Subject: Re: [DNG] useradd defaults
Boruch Baum <boruch_baum@???> writes:

[...]

> 2.2] umask. This was a shocker, security-wise. The default umask is set
> to 022 instead of the better 027 or, my preference, 077. My memory is
> that on other systems on which I've seen the command seemingly
> hard-coded for 022, the fix to 027 or 077 was placed in this file.


Ultimatively, the lineage of everything-UNIX(*) is that of a research
and development system used by a group of people who weren't fighting
each other. Hence, the default policy of every file being world-readable
unless this is specifically prevented. Other people have had even more
'radical' ideas about this in the past.

    In the old days on ITS it was considered desirable that everyone
    could look at any file, change any file, because we had reasons
    to. I remember one interesting scandal where somebody sent a
    request for help in using Macsyma. Macsyma is a symbolic algebra
    program that was developed at MIT. He sent to one of the people
    working on it a request for some help, and he got an answer a
    few hours later from somebody else. He was horrified, he sent a
    message “so-and-so must be reading your mail, can it be that
    mail files aren't properly protected on your system?” “Of
    course, no file is protected on our system. What's the problem?
    You got your answer sooner; why are you unhappy? Of course we
    read each other's mail so we can find people like you and help
    them”. Some people just don't know when they're well off.


        http://www.gnu.org/philosophy/stallman-kth.en.html