I recently became aware that the default umask for Fedora is 022 when it caused problems for me that I had a different umask. This seems like an anachronism, a relic of a kinder, gentler time, when the computing atmosphere was more collegiate. Is it really appropriate that new files be created for a user with permissions of rwxr-xr-x in today's security atmosphere?
I set my umask to 077, so that no one can access anything.
I'm interested in other people's opinions, especially those arguing in favor of continuing to have a umask of 022. Am I overlooking something?
On Sun, Jun 18, 2017 at 01:24:17PM -0700, stan wrote:
> I recently became aware that the default umask for Fedora is 022 when it caused problems for me that I had a different umask. This seems like an anachronism, a relic of a kinder, gentler time, when the computing atmosphere was more collegiate. Is it really appropriate that new files be created for a user with permissions of rwxr-xr-x in today's security atmosphere?
Minor correction, a umask 022 will set execute on new directories (drwxr-xr-x), but not new files. They would be -rw-r--r--.
> I set my umask to 077, so that no one can access anything.
> I'm interested in other people's opinions, especially those arguing in favor of continuing to have a umask of 022. Am I overlooking something?
On Sun, 18 Jun 2017 17:11:11 -0400 Jon LaBadie jonfu@jgcomp.com wrote:
> Minor correction, a umask 022 will set execute on new directories (drwxr-xr-x), but not new files. They would be -rw-r--r--.
Not so minor! Thanks.
On 06/19/17 04:24, stan wrote:
> I recently became aware that the default umask for Fedora is 022 when it caused problems for me that I had a different umask. This seems like an anachronism, a relic of a kinder, gentler time, when the computing atmosphere was more collegiate. Is it really appropriate that new files be created for a user with permissions of rwxr-xr-x in today's security atmosphere?
> I set my umask to 077, so that no one can access anything.
> I'm interested in other people's opinions, especially those arguing in favor of continuing to have a umask of 022. Am I overlooking something?
You haven't described your environment. Without that knowledge any advice on umask is questionable. Remember, umask isn't, and never was, intended to be a high security mechanism.
On Mon, 19 Jun 2017 05:49:20 +0800 Ed Greshko ed.greshko@greshko.com wrote:
> You haven't described your environment. Without that knowledge any advice on umask is questionable. Remember, umask isn't, and never was, intended to be a high security mechanism.
Home workstation with no web facing services. I could probably get away with a umask of 000. Even for root. But it just seems wrong to give world read access to home files for a user, by default.
I think of security as layers, and good practices. While umask might not be a high security mechanism, there is no need to leave it weaker than it has to be. It seems to me that linux depends a lot on file permissions for security, particularly for root.
Thanks for your thoughts.
On 06/18/2017 07:18 PM, stan wrote:
> On Mon, 19 Jun 2017 05:49:20 +0800 Ed Greshko ed.greshko@greshko.com wrote:
> > You haven't described your environment.
> Home workstation with no web facing services.
As a minor point, I'd mention that Fedora's default umask is 002, not 022, except for the root user.
I think either is fine. umask governs how you share files with other authorized users of the local computer system (where "local" is defined as all hosts sharing the same user database). I only share computing systems with people that I want to work with, so the default umask of 002 is entirely appropriate.
For single-user systems (workstations), umask has no practical effect.
I don't believe there have been any changes in "today's security atmosphere" relevant to collaborative work, where umask applies. That phrase brings to mind an increase in malware, which is a concern, but not one that umask can affect in any way. If malware makes its way on to your workstation, it's almost certainly running under your account. It has exactly the same permission as any one of your other processes. umask doesn't change that.
> It seems to me that linux depends a lot on file permissions for security, particularly for root.
If we're going to discuss general security practices and principles, I'd start with: Don't log in as root.
On Mon, 19 Jun 2017 10:03:35 -0700 Gordon Messmer gordon.messmer@gmail.com wrote:
> As a minor point, I'd mention that Fedora's default umask is 002, not 022, except for the root user.
Thanks.
> I think either is fine. umask governs how you share files with other authorized users of the local computer system (where "local" is defined as all hosts sharing the same user database). I only share computing systems with people that I want to work with, so the default umask of 002 is entirely appropriate.
How much damage would it do to you if their accounts were compromised?
> That phrase brings to mind an increase in malware, which is a concern, but not one that umask can affect in any way. If malware makes its way on to your workstation, it's almost certainly running under your account. It has exactly the same permission as any one of your other processes. umask doesn't change that.
Good point.
On 18Jun2017 13:24, stan stanl-fedorauser@vfemail.net wrote:
> I recently became aware that the default umask for Fedora is 022 when it caused problems for me that I had a different umask. This seems like an anachronism, a relic of a kinder, gentler time, when the computing atmosphere was more collegiate. Is it really appropriate that new files be created for a user with permissions of rwxr-xr-x in today's security atmosphere?
> I set my umask to 077, so that no one can access anything.
> I'm interested in other people's opinions, especially those arguing in favor of continuing to have a umask of 022. Am I overlooking something?
As remarked elsewhere, it does depend on your environment.
I like 027 myself. Combined with setgid directories it leaves things readable by the group of the working area, but otherwise private. Then one just arranges group ownership. A workable default.
Cheers, Cameron Simpson cs@zip.com.au
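Added example, not part of any message in this thread: a shell sketch that creates a file and a directory under each umask mentioned so far and reports the modes that result, including the setgid-directory case. It assumes GNU coreutils (`stat -c`); the function names are made up for the example.

```sh
# Added example. Assumes GNU coreutils (stat -c), as on Fedora.

# modes_for_umask MASK: print "<file mode> <dir mode>" for objects
# created under MASK in a scratch directory.
modes_for_umask() {
    scratch=$(mktemp -d) || return 1
    (
        umask "$1"               # subshell: the caller's umask is untouched
        touch "$scratch/file"    # touch asks for 0666; umask clears bits
        mkdir "$scratch/dir"     # mkdir asks for 0777; umask clears bits
    )
    echo "$(stat -c %a "$scratch/file") $(stat -c %a "$scratch/dir")"
    rm -rf "$scratch"
}

# setgid_subdir_mode MASK: mode of a directory created under MASK inside a
# setgid parent. On Linux the new directory inherits the setgid bit, so
# files created below it keep the parent's group.
setgid_subdir_mode() {
    scratch=$(mktemp -d) || return 1
    chmod g+s "$scratch"
    ( umask "$1"; mkdir "$scratch/sub" )
    stat -c %a "$scratch/sub"
    rm -rf "$scratch"
}

for mask in 022 002 027 077; do
    echo "umask $mask: file/dir = $(modes_for_umask "$mask")"
done
echo "umask 027 under a setgid dir: $(setgid_subdir_mode 027)"
```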
On Mon, 19 Jun 2017 07:55:59 +1000 Cameron Simpson cs@zip.com.au wrote:
> As remarked elsewhere, it does depend on your environment.
Well, yes, but it just seems that the default should be to the most secure.
> I like 027 myself. Combined with setgid directories it leaves things readable by the group of the working area, but otherwise private. Then one just arranges group ownership. A workable default.
That seems reasonable, and would be better than the current default.
Thanks.
On Mon, 2017-06-19 at 07:05 -0700, stan wrote:
> On Mon, 19 Jun 2017 07:55:59 +1000 Cameron Simpson cs@zip.com.au wrote:
> > As remarked elsewhere, it does depend on your environment.
> Well, yes, but it just seems that the default should be to the most secure.
> > I like 027 myself. Combined with setgid directories it leaves things readable by the group of the working area, but otherwise private. Then one just arranges group ownership. A workable default.
> That seems reasonable, and would be better than the current default.
Bear in mind that by default Fedora allocates each user to his own private group. Presumably someone who intentionally shares group membership is expected to understand the implications and adjust umask if necessary.
poc
On Mon, 19 Jun 2017 16:48:40 +0100 Patrick O'Callaghan pocallaghan@gmail.com wrote:
> Bear in mind that by default Fedora allocates each user to his own private group. Presumably someone who intentionally shares group membership is expected to understand the implications and adjust umask if necessary.
Another good point. It seems that my concerns about umask might be misguided.
On 19Jun2017 13:17, stan stanl-fedorauser@vfemail.net wrote:
> On Mon, 19 Jun 2017 16:48:40 +0100 Patrick O'Callaghan pocallaghan@gmail.com wrote:
> > Bear in mind that by default Fedora allocates each user to his own private group. Presumably someone who intentionally shares group membership is expected to understand the implications and adjust umask if necessary.
> Another good point. It seems that my concerns about umask might be misguided.
Dunno. I'm fairly private and like to end my umask in a 7 normally. Usually discussions revolve around the group bits.
Normally you wouldn't share membership of your personal group - this arranges that 027 (or the like) in your home directory is essentially private. Instead, one makes other groups for shared work.
For example, my partner and I have a group for "us"; both our personal accounts are in it (so it is a secondary group membership); we have a shared third account (for stuff to do with home and so on); its group has both our individual accounts as members, giving both of us read/write to it.
Cheers, Cameron Simpson cs@zip.com.au
On Tue, 20 Jun 2017 07:52:07 +1000 Cameron Simpson cs@zip.com.au wrote:
> Dunno. I'm fairly private and like to end my umask in a 7 normally. Usually discussions revolve around the group bits.
> Normally you wouldn't share membership of your personal group - this arranges that 027 (or the like) in your home directory is essentially private. Instead, one makes other groups for shared work.
So your 027 is effectively 077 because of your policy.
> For example, my partner and I have a group for "us"; both our personal accounts are in it (so it is a secondary group membership); we have a shared third account (for stuff to do with home and so on); its group has both our individual accounts as members, giving both of us read/write to it.
This sounds like a good way to deal with this issue: everything shared is explicitly declared and separated.
After all the input, I think I'll stick with my 077, even though it really has no effect in my situation; it does no harm either. And these permissions probably have no effect for most Fedora users, but I still think it should default to 077; opt in to sharing rather than opt out.
But I won't lose any sleep over it.
On 06/20/17 14:00, stan wrote:
> But I won't lose any sleep over it.
Good to hear....
Also, please note that by default when a new user is created in Fedora they also get a corresponding group unless you override. Along with that the home directory is created with drwx------. permissions. So, even if the permissions on the file allow group access and even if the other user is part of the group they can't access the files within your home directory and sub-directories.
[egreshko@f26-b14 ~]$ pwd
/home/egreshko
[egreshko@f26-b14 ~]$ ll text
-rw-rw----. 1 egreshko egreshko 6 Jun 20 14:09 text
[egreshko@f26-b14 ~]$ cat text
hello
[egreshko@f26-b14 ~]$ whoami
egreshko
[egreshko@f26-b14 ~]$ grep ^egreshko /etc/group
egreshko:x:1000:silly
[silly@f26-b14 ~]$ whoami
silly
[silly@f26-b14 ~]$ cat /home/egreshko/text
cat: /home/egreshko/text: Permission denied
[silly@f26-b14 ~]$ ll /home/egreshko
ls: cannot open directory '/home/egreshko': Permission denied
So, no matter what you have your umask set to when talking about files under your home directory you need to do some explicit changes to directory and file permissions before others with access to your system can even see what files are there.
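Added example, not part of the message above: a check for whether a file is actually reachable by "group" or "other" once the directories above it are taken into account, which is the effect the session shows. It models traditional mode bits only (no ACLs, no SELinux), assumes GNU `stat -c`, and treats the chosen class as applying to every path component; all function names are made up for the example.

```sh
# Added example. Mode bits only; assumes GNU stat.

# has_bit PATH CLASS BIT: does CLASS (group|other) hold BIT (r|x) on PATH?
has_bit() {
    m=$(stat -c %a "$1") || return 2
    case $2 in group) sh_by=3 ;; other) sh_by=0 ;; *) return 2 ;; esac
    case $3 in r) bit=4 ;; x) bit=1 ;; *) return 2 ;; esac
    [ $(( ((0$m & 0777) >> sh_by) & bit )) -ne 0 ]
}

# reachable TOP FILE CLASS: succeeds only if CLASS may read FILE and may
# search (x) every directory from FILE's parent up to and including TOP.
reachable() {
    has_bit "$2" "$3" r || return 1
    d=$(dirname "$2")
    while has_bit "$d" "$3" x; do
        [ "$d" = "$1" ] && return 0
        case $d in /|.) return 1 ;; esac   # walked past TOP: not under it
        d=$(dirname "$d")
    done
    return 1
}

# verdict TOP FILE CLASS: print "reachable" or "blocked".
verdict() {
    if reachable "$1" "$2" "$3"; then echo reachable; else echo blocked; fi
}

# Constructed tree mirroring the session: a 0660 file inside a 0700 "home".
demo() {
    home=$(mktemp -d) || return 1
    chmod 700 "$home"
    ( umask 007; echo hello > "$home/text" )
    echo "home 0700, text 0660: group is $(verdict "$home" "$home/text" group)"
    chmod 750 "$home"
    echo "home 0750, text 0660: group is $(verdict "$home" "$home/text" group)"
    echo "home 0750, text 0660: other is $(verdict "$home" "$home/text" other)"
    rm -rf "$home"
}
demo
```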
On Tue, 20 Jun 2017 14:25:09 +0800 Ed Greshko ed.greshko@gmail.com wrote:
> Also, please note that by default when a new user is created in Fedora they also get a corresponding group unless you override. Along with that the home directory is created with drwx------. permissions. So, even if the permissions on the file allow group access and even if the other user is part of the group they can't access the files within your home directory and sub-directories.
> [egreshko@f26-b14 ~]$ pwd
> /home/egreshko
> [egreshko@f26-b14 ~]$ ll text
> -rw-rw----. 1 egreshko egreshko 6 Jun 20 14:09 text
> [egreshko@f26-b14 ~]$ cat text
> hello
> [egreshko@f26-b14 ~]$ whoami
> egreshko
> [egreshko@f26-b14 ~]$ grep ^egreshko /etc/group
> egreshko:x:1000:silly
> [silly@f26-b14 ~]$ whoami
> silly
> [silly@f26-b14 ~]$ cat /home/egreshko/text
> cat: /home/egreshko/text: Permission denied
> [silly@f26-b14 ~]$ ll /home/egreshko
> ls: cannot open directory '/home/egreshko': Permission denied
> So, no matter what you have your umask set to when talking about files under your home directory you need to do some explicit changes to directory and file permissions before others with access to your system can even see what files are there.
Well, thanks for that. It really puts the umask issue in perspective, and addresses my concerns that there was a vulnerability, when there actually isn't.