emo/shadow
1
0
Fork 0
Code Issues Pull Requests Packages Releases Activity

Revert "add new HOME_MODE login.defs(5) option"

Browse Source 
Missing file

This reverts commit a847899b52.
This commit is contained in:
Serge Hallyn 2020-01-12 07:56:19 -06:00
parent 9f7f3b013e
commit 93f1f35123
6 changed files with 7 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
etc/login.defs
View File

@ -195,17 +195,12 @@ KILLCHAR 025
# Default initial "umask" value used by login(1) on non-PAM enabled systems. # Default initial "umask" value used by login(1) on non-PAM enabled systems.
# Default "umask" value for pam_umask(8) on PAM enabled systems. # Default "umask" value for pam_umask(8) on PAM enabled systems.
# UMASK is also used by useradd(8) and newusers(8) to set the mode for new # UMASK is also used by useradd(8) and newusers(8) to set the mode for new
# home directories if HOME_MODE is not set. # home directories.
# 022 is the default value, but 027, or even 077, could be considered # 022 is the default value, but 027, or even 077, could be considered
# for increased privacy. There is no One True Answer here: each sysadmin # for increased privacy. There is no One True Answer here: each sysadmin
# must make up their mind. # must make up their mind.
UMASK 022 UMASK 022
# HOME_MODE is used by useradd(8) and newusers(8) to set the mode for new
# home directories.
# If HOME_MODE is not set, the value of UMASK is used to create the mode.
#HOME_MODE 0700
# #
# Password aging controls: # Password aging controls:
# #

1
lib/getdef.c
View File

@ -93,7 +93,6 @@ static struct itemdef def_table[] = {
{"FAKE_SHELL", NULL}, {"FAKE_SHELL", NULL},
{"GID_MAX", NULL}, {"GID_MAX", NULL},
{"GID_MIN", NULL}, {"GID_MIN", NULL},
{"HOME_MODE", NULL},
{"HUSHLOGIN_FILE", NULL}, {"HUSHLOGIN_FILE", NULL},
{"KILLCHAR", NULL}, {"KILLCHAR", NULL},
{"LASTLOG_UID_MAX", NULL}, {"LASTLOG_UID_MAX", NULL},

4
man/login.defs.5.xml
View File

@ -50,7 +50,6 @@
<!ENTITY FAKE_SHELL SYSTEM "login.defs.d/FAKE_SHELL.xml"> <!ENTITY FAKE_SHELL SYSTEM "login.defs.d/FAKE_SHELL.xml">
<!ENTITY FTMP_FILE SYSTEM "login.defs.d/FTMP_FILE.xml"> <!ENTITY FTMP_FILE SYSTEM "login.defs.d/FTMP_FILE.xml">
<!ENTITY GID_MAX SYSTEM "login.defs.d/GID_MAX.xml"> <!ENTITY GID_MAX SYSTEM "login.defs.d/GID_MAX.xml">
<!ENTITY HOME_MODE SYSTEM "login.defs.d/HOME_MODE.xml">
<!ENTITY HUSHLOGIN_FILE SYSTEM "login.defs.d/HUSHLOGIN_FILE.xml"> <!ENTITY HUSHLOGIN_FILE SYSTEM "login.defs.d/HUSHLOGIN_FILE.xml">
<!ENTITY ISSUE_FILE SYSTEM "login.defs.d/ISSUE_FILE.xml"> <!ENTITY ISSUE_FILE SYSTEM "login.defs.d/ISSUE_FILE.xml">
<!ENTITY KILLCHAR SYSTEM "login.defs.d/KILLCHAR.xml"> <!ENTITY KILLCHAR SYSTEM "login.defs.d/KILLCHAR.xml">
@ -186,7 +185,6 @@
&FAKE_SHELL; &FAKE_SHELL;
&FTMP_FILE; &FTMP_FILE;
&GID_MAX; <!-- documents also GID_MIN --> &GID_MAX; <!-- documents also GID_MIN -->
&HOME_MODE;
&HUSHLOGIN_FILE; &HUSHLOGIN_FILE;
&ISSUE_FILE; &ISSUE_FILE;
&KILLCHAR; &KILLCHAR;
@ -403,7 +401,6 @@
ENCRYPT_METHOD ENCRYPT_METHOD
GID_MAX GID_MIN GID_MAX GID_MIN
MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB
HOME_MODE
PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE
<phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
SHA_CRYPT_MIN_ROUNDS</phrase> SHA_CRYPT_MIN_ROUNDS</phrase>
@ -484,7 +481,6 @@
<para> <para>
CREATE_HOME CREATE_HOME
GID_MAX GID_MIN GID_MAX GID_MIN
HOME_MODE
LASTLOG_UID_MAX LASTLOG_UID_MAX
MAIL_DIR MAX_MEMBERS_PER_GROUP MAIL_DIR MAX_MEMBERS_PER_GROUP
PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE

3
man/login.defs.d/UMASK.xml
View File

@ -37,8 +37,7 @@
</para> </para>
<para> <para>
<command>useradd</command> and <command>newusers</command> use this <command>useradd</command> and <command>newusers</command> use this
mask to set the mode of the home directory they create if mask to set the mode of the home directory they create
<option>HOME_MODE</option> is not set.
</para> </para>
<para condition="no_pam"> <para condition="no_pam">
It is also used by <command>login</command> to define users' initial It is also used by <command>login</command> to define users' initial

6
src/newusers.c
View File

@ -1216,9 +1216,9 @@ int main (int argc, char **argv)
if ( ('\0' != fields[5][0]) if ( ('\0' != fields[5][0])
&& (access (newpw.pw_dir, F_OK) != 0)) { && (access (newpw.pw_dir, F_OK) != 0)) {
/* FIXME: should check for directory */ /* FIXME: should check for directory */
mode_t mode = getdef_num ("HOME_MODE", mode_t msk = 0777 & ~getdef_num ("UMASK",
0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK)); GETDEF_DEFAULT_UMASK);
if (mkdir (newpw.pw_dir, mode) != 0) { if (mkdir (newpw.pw_dir, msk) != 0) {
fprintf (stderr, fprintf (stderr,
_("%s: line %d: mkdir %s failed: %s\n"), _("%s: line %d: mkdir %s failed: %s\n"),
Prog, line, newpw.pw_dir, Prog, line, newpw.pw_dir,

5
src/useradd.c
View File

@ -2155,9 +2155,8 @@ static void create_home (void)
} }
(void) chown (prefix_user_home, user_id, user_gid); (void) chown (prefix_user_home, user_id, user_gid);
mode_t mode = getdef_num ("HOME_MODE", chmod (prefix_user_home,
0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK)); 0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK));
chmod (prefix_user_home, mode);
home_added = true; home_added = true;
#ifdef WITH_AUDIT #ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_USER, Prog, audit_logger (AUDIT_ADD_USER, Prog,