Last modified: 2014-08-26 17:45:01 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T48468, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 46468 - Default umask should be set to 0002
Default umask should be set to 0002
Status: REOPENED
Product: Wikimedia Labs
Classification: Unclassified
tools (Other open bugs)
unspecified
All All
: Normal trivial
: ---
Assigned To: Marc A. Pelletier
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2013-03-22 22:27 UTC by Marc A. Pelletier
Modified: 2014-08-26 17:45 UTC (History)
2 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Marc A. Pelletier 2013-03-22 22:27:28 UTC 
Given the default sharing of tools by group members, 0002 would make more sense as a default umask.
Comment 1 Marc A. Pelletier 2013-06-03 13:44:14 UTC 
This should be the default, now.
Comment 2 MZMcBride 2013-12-10 04:46:58 UTC 
Re-opening this for further consideration. I think the default umask should be 0022, not 0002. The Toolserver defaults to 0022.

If I create a .bash_profile and forget to change its permissions, by default any user in the wikidev group can modify it. Ouch.
Comment 3 Tim Landscheidt 2014-01-19 22:05:19 UTC 
(In reply to comment #2)
> Re-opening this for further consideration. I think the default umask should
> be
> 0022, not 0002. The Toolserver defaults to 0022.

> If I create a .bash_profile and forget to change its permissions, by default
> any user in the wikidev group can modify it. Ouch.

We need to differentiate between users and tools anyhow.  For users, it should be 0022, for tools 0002.

login.defs(5) suggests that we need to enable USERGROUPS_ENAB to achieve exactly that, but /etc/login.defs says it's enabled, yet "ssh tools-login.wmflabs.org umask" gives me 0022 (hooray!), but "ssh tools-login.wmflabs.org" and then "umask" 0002.  Very confusing.
Comment 4 Tim Landscheidt 2014-01-20 16:16:02 UTC 
Memo to self: sudo has "umask" and "umask_override" to play with.
Comment 5 Tim Landscheidt 2014-03-17 20:01:42 UTC 
(In reply to Tim Landscheidt from comment #3)
> [...]
> login.defs(5) suggests that we need to enable USERGROUPS_ENAB to achieve
> exactly that, but /etc/login.defs says it's enabled, yet "ssh
> tools-login.wmflabs.org umask" gives me 0022 (hooray!), but "ssh
> tools-login.wmflabs.org" and then "umask" 0002.  Very confusing.

In eqiad, "ssh tools-login.eqiad" and then "umask" gives now 0022 which is the same as "ssh tools-login.wmflabs.org umask".
Comment 6 Marc A. Pelletier 2014-08-26 17:45:01 UTC 
What is the nature of the issue that remains, if any?
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links