From af96cba0cc726962e72c21117e982a973ea0d7a4 Mon Sep 17 00:00:00 2001
From: nekral-guest <nekral-guest@5a98b0ae-9ef6-0310-add3-de5d479b70d7>
Date: Mon, 19 Jan 2009 10:21:50 +0000
Subject: [PATCH] 	* etc/login.defs: Improve the documentation of UMASK.

---
 ChangeLog      |  1 +
 etc/login.defs | 10 ++++++++--
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 3ea3b846..10299489 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,6 +5,7 @@
 	* man/limits.5.xml: Remove space before an end of tag.
 	* man/useradd.8.xml, man/login.defs.d/CREATE_HOME.xml,
 	man/login.defs.5.xml: Document the CREATE_HOME variable.
+	* etc/login.defs: Improve the documentation of UMASK.
 
 2009-01-06  Sebastian Rick Rijkers  <srrijkers@gmail.com>
 
diff --git a/etc/login.defs b/etc/login.defs
index dbb96486..6dc46953 100644
--- a/etc/login.defs
+++ b/etc/login.defs
@@ -169,7 +169,6 @@ TTYPERM		0600
 #
 #	ERASECHAR	Terminal ERASE character ('\010' = backspace).
 #	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
-#	UMASK		Default "umask" value.
 #	ULIMIT		Default "ulimit" value.
 #
 # The ERASECHAR and KILLCHAR are used only on System V machines.
@@ -180,9 +179,16 @@ TTYPERM		0600
 #
 ERASECHAR	0177
 KILLCHAR	025
-UMASK		022
 #ULIMIT		2097152
 
+# Default initial "umask" value for non-PAM enabled systems.
+# UMASK is also used by useradd and newusers to set the mode of new home
+# directories.
+# 022 is the default value, but 027, or even 077, could be considered
+# better for privacy. There is no One True Answer here: each sysadmin
+# must make up her mind.
+UMASK		022
+
 #
 # Password aging controls:
 #