Last modified: 2014-08-26 17:45:01 UTC
Given the default sharing of tools by group members, 0002 would make more sense as a default umask.
This should be the default, now.
Re-opening this for further consideration. I think the default umask should be 0022, not 0002. The Toolserver defaults to 0022. If I create a .bash_profile and forget to change its permissions, by default any user in the wikidev group can modify it. Ouch.
(In reply to comment #2) > Re-opening this for further consideration. I think the default umask should > be > 0022, not 0002. The Toolserver defaults to 0022. > If I create a .bash_profile and forget to change its permissions, by default > any user in the wikidev group can modify it. Ouch. We need to differentiate between users and tools anyhow. For users, it should be 0022, for tools 0002. login.defs(5) suggests that we need to enable USERGROUPS_ENAB to achieve exactly that, but /etc/login.defs says it's enabled, yet "ssh tools-login.wmflabs.org umask" gives me 0022 (hooray!), but "ssh tools-login.wmflabs.org" and then "umask" 0002. Very confusing.
Memo to self: sudo has "umask" and "umask_override" to play with.
(In reply to Tim Landscheidt from comment #3) > [...] > login.defs(5) suggests that we need to enable USERGROUPS_ENAB to achieve > exactly that, but /etc/login.defs says it's enabled, yet "ssh > tools-login.wmflabs.org umask" gives me 0022 (hooray!), but "ssh > tools-login.wmflabs.org" and then "umask" 0002. Very confusing. In eqiad, "ssh tools-login.eqiad" and then "umask" gives now 0022 which is the same as "ssh tools-login.wmflabs.org umask".
What is the nature of the issue that remains, if any?