[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Package umask issues



Hi Spot,

During FUDCON2 one of the TODO's I promised you was to send details about package umask issues. This is only an issue for sysadmins when they insist on using a system umask of 077 supposedly for some hardening reason. Two kinds of packages then have problems:

1) Packages with unowned files or directories. This of course has an obvious solution, simply own it. This is already covered in our packaging guidelines. MUST right?

2) Packages which create unpackaged files in scriptlets like %post
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136030
This is one example where this caused a problem. The quick and ugly workaround is to explicitly set umask at the beginning of the scriptlet. But the correct fix would be to make it so the software does not create files in %post. The latter solution is not always trivial.


Should we make #2 a SHOULD or MUST in guidelines?

Warren Togami
wtogami redhat com


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]