On Mon, 2017-06-19 at 07:05 -0700, stan wrote:
On Mon, 19 Jun 2017 07:55:59 +1000
Cameron Simpson <cs(a)zip.com.au> wrote:
> As remarked elsewhere, it does depend on your environment.
Well, yes, but it just seems that the default should be to the most
secure.
> I like 027 myself. Combined with setgid directories it leaves things
> readable by the group of the working area, but otherwise private.
> Then one just arranges group ownership. An workable default.
That seems reasonable, and would be better than the current default.
Bear in mind that by default Fedora allocates each user to his own
private group. Presumably someone who intentionally shares group
membership is expected to understand the implications and adjust umask
if necessary.
poc