Is default umask of 022 still reasonable for Fedora?


stan
I recently became aware that the default umask for Fedora is 022 when
it caused problems for me that I had a different umask. This seems like
an anachronism, a relic of a kinder, gentler time, when the computing
atmosphere was more collegiate.  Is it really appropriate that new
files be created for a user with permissions of rwxr-xr-x in today's
security atmosphere?

I set my umask to 077, so that no one can access anything.

I'm interested in other people's opinions, especially those arguing in
favor of continuing to have a umask of 022.  Am I overlooking something?
_______________________________________________
users mailing list -- [hidden email]
To unsubscribe send an email to [hidden email]

Re: Is default umask of 022 still reasonable for Fedora?

Jon LaBadie
On Sun, Jun 18, 2017 at 01:24:17PM -0700, stan wrote:
> I recently became aware that the default umask for Fedora is 022 when
> it caused problems for me that I had a different umask. This seems like
> an anachronism, a relic of a kinder, gentler time, when the computing
> atmosphere was more collegiate.  Is it really appropriate that new
> files be created for a user with permissions of rwxr-xr-x in today's
> security atmosphere?
>

Minor correction, a umask 022 will set execute on new directories
(drwxr-xr-x), but not new files.  They would be -rw-r--r--.

> I set my umask to 077, so that no one can access anything.
>
> I'm interested in other people's opinions, especially those arguing in
> favor of continuing to have a umask of 022.  Am I overlooking something?
>>> End of included message <<<

--
Jon H. LaBadie                  [hidden email]

Re: Is default umask of 022 still reasonable for Fedora?

Ed Greshko
In reply to this post by stan
On 06/19/17 04:24, stan wrote:

> I recently became aware that the default umask for Fedora is 022 when
> it caused problems for me that I had a different umask. This seems like
> an anachronism, a relic of a kinder, gentler time, when the computing
> atmosphere was more collegiate.  Is it really appropriate that new
> files be created for a user with permissions of rwxr-xr-x in today's
> security atmosphere?
>
> I set my umask to 077, so that no one can access anything.
>
> I'm interested in other people's opinions, especially those arguing in
> favor of continuing to have a umask of 022.  Am I overlooking something?

You haven't described your environment.  Without that knowledge any advice on umask
is questionable.  Remember, umask isn't, and never was, intended to be a high
security mechanism.


--
Fedora Users List - The place to go to speculate endlessly



Re: Is default umask of 022 still reasonable for Fedora?

Cameron Simpson
In reply to this post by stan
On 18Jun2017 13:24, stan <[hidden email]> wrote:

>I recently became aware that the default umask for Fedora is 022 when
>it caused problems for me that I had a different umask. This seems like
>an anachronism, a relic of a kinder, gentler time, when the computing
>atmosphere was more collegiate.  Is it really appropriate that new
>files be created for a user with permissions of rwxr-xr-x in today's
>security atmosphere?
>
>I set my umask to 077, so that no one can access anything.
>
>I'm interested in other people's opinions, especially those arguing in
>favor of continuing to have a umask of 022.  Am I overlooking something?

As remarked elsewhere, it does depend on your environment.

I like 027 myself. Combined with setgid directories it leaves things readable
by the group of the working area, but otherwise private. Then one just arranges
group ownership. A workable default.

Cheers,
Cameron Simpson <[hidden email]>

Re: Is default umask of 022 still reasonable for Fedora?

stan
In reply to this post by Jon LaBadie
On Sun, 18 Jun 2017 17:11:11 -0400
Jon LaBadie <[hidden email]> wrote:

> Minor correction, a umask 022 will set execute on new directories
> (drwxr-xr-x), but not new files.  They would be -rw-r--r--.

Not so minor!  Thanks.

Re: Is default umask of 022 still reasonable for Fedora?

stan
In reply to this post by Ed Greshko
On Mon, 19 Jun 2017 05:49:20 +0800
Ed Greshko <[hidden email]> wrote:

> You haven't described your environment.  Without that knowledge any
> advice on umask is questionable.  Remember, umask isn't, and never
> was, intended to be a high security mechanism.
 
Home workstation with no web facing services.  I could probably get away
with a umask of 000. Even for root.  But it just seems wrong to give
world read access to home files for a user, by default.  

I think of security as layers, and good practices.  While umask might
not be a high security mechanism, there is no need to leave it weaker
than it has to be.  It seems to me that Linux depends a lot on file
permissions for security, particularly for root.  

Thanks for your thoughts.

Re: Is default umask of 022 still reasonable for Fedora?

stan
In reply to this post by Cameron Simpson
On Mon, 19 Jun 2017 07:55:59 +1000
Cameron Simpson <[hidden email]> wrote:

> As remarked elsewhere, it does depend on your environment.

Well, yes, but it just seems that the default should be to the most
secure.

> I like 027 myself. Combined with setgid directories it leaves things
> readable by the group of the working area, but otherwise private.
> Then one just arranges group ownership. A workable default.

That seems reasonable, and would be better than the current default.

Thanks.

Re: Is default umask of 022 still reasonable for Fedora?

Patrick O'Callaghan-2
On Mon, 2017-06-19 at 07:05 -0700, stan wrote:

> On Mon, 19 Jun 2017 07:55:59 +1000
> Cameron Simpson <[hidden email]> wrote:
>
> > As remarked elsewhere, it does depend on your environment.
>
> Well, yes, but it just seems that the default should be to the most
> secure.
>
> > I like 027 myself. Combined with setgid directories it leaves things
> > readable by the group of the working area, but otherwise private.
> > Then one just arranges group ownership. A workable default.
>
> That seems reasonable, and would be better than the current default.

Bear in mind that by default Fedora allocates each user to his own
private group. Presumably someone who intentionally shares group
membership is expected to understand the implications and adjust umask
if necessary.

poc

Re: Is default umask of 022 still reasonable for Fedora?

Gordon Messmer-2
In reply to this post by stan
On 06/18/2017 07:18 PM, stan wrote:
> On Mon, 19 Jun 2017 05:49:20 +0800 Ed Greshko <[hidden email]> wrote:
>> You haven't described your environment.
>  
> Home workstation with no web facing services.

As a minor point, I'd mention that Fedora's default umask is 002, not
022, except for the root user.

I think either is fine.  umask governs how you share files with other
authorized users of the local computer system (where "local" is defined
as all hosts sharing the same user database).  I only share computing
systems with people that I want to work with, so the default umask of
002 is entirely appropriate.

For single-user systems (workstations), umask has no practical effect.

I don't believe there have been any changes in "today's security
atmosphere" relevant to collaborative work, where umask applies. That
phrase brings to mind an increase in malware, which is a concern, but
not one that umask can affect in any way.  If malware makes its way on
to your workstation, it's almost certainly running under your account.  
It has exactly the same permission as any one of your other processes.  
umask doesn't change that.

> It seems to me that Linux depends a lot on file
> permissions for security, particularly for root.

If we're going to discuss general security practices and principles, I'd
start with: Don't log in as root.

Re: Is default umask of 022 still reasonable for Fedora?

stan
On Mon, 19 Jun 2017 10:03:35 -0700
Gordon Messmer <[hidden email]> wrote:

> As a minor point, I'd mention that Fedora's default umask is 002, not
> 022, except for the root user.

Thanks.

> I think either is fine.  umask governs how you share files with other
> authorized users of the local computer system (where "local" is
> defined as all hosts sharing the same user database).  I only share
> computing systems with people that I want to work with, so the
> default umask of 002 is entirely appropriate.

How much damage would it do to you if their accounts were compromised?

> That
> phrase brings to mind an increase in malware, which is a concern, but
> not one that umask can affect in any way.  If malware makes its way
> on to your workstation, it's almost certainly running under your
> account. It has exactly the same permission as any one of your other
> processes. umask doesn't change that.

Good point.

Re: Is default umask of 022 still reasonable for Fedora?

stan
In reply to this post by Patrick O'Callaghan-2
On Mon, 19 Jun 2017 16:48:40 +0100
Patrick O'Callaghan <[hidden email]> wrote:

> Bear in mind that by default Fedora allocates each user to his own
> private group. Presumably someone who intentionally shares group
> membership is expected to understand the implications and adjust umask
> if necessary.

Another good point.  It seems that my concerns about umask might be
misguided.

Re: Is default umask of 022 still reasonable for Fedora?

Cameron Simpson
On 19Jun2017 13:17, stan <[hidden email]> wrote:

>On Mon, 19 Jun 2017 16:48:40 +0100
>Patrick O'Callaghan <[hidden email]> wrote:
>
>> Bear in mind that by default Fedora allocates each user to his own
>> private group. Presumably someone who intentionally shares group
>> membership is expected to understand the implications and adjust umask
>> if necessary.
>
>Another good point.  It seems that my concerns about umask might be
>misguided.

Dunno. I'm fairly private and like to end my umask in a 7 normally. Usually
discussions revolve around the group bits.

Normally you wouldn't share membership of your personal group - this arranges
that 027 (or the like) in your home directory is essentially private. Instead,
one makes other groups for shared work.

For example, my partner and I have a group for "us"; both our personal accounts
are in it (so it is a secondary group membership); we have a shared third
account (for stuff to do with home and so on); its group has both our
individual accounts as members, giving both of us read/write to it.

Cheers,
Cameron Simpson <[hidden email]>

Re: Is default umask of 022 still reasonable for Fedora?

stan
On Tue, 20 Jun 2017 07:52:07 +1000
Cameron Simpson <[hidden email]> wrote:

> Dunno. I'm fairly private and like to end my umask in a 7 normally.
> Usually discussions revolve around the group bits.
>
> Normally you wouldn't share membership of your personal group - this
> arranges that 027 (or the like) in your home directory is essentially
> private. Instead, one makes other groups for shared work.

So your 027 is effectively 077 because of your policy.

> For example, my partner and I have a group for "us"; both our
> personal accounts are in it (so it is a secondary group membership);
> we have a shared third account (for stuff to do with home and so on);
> its group has both our individual accounts as members, giving both of
> us read/write to it.

This sounds like a good way to deal with this issue: everything shared
is explicitly declared and separated.

After all the input, I think I'll stick with my 077, even though it
really has no effect in my situation; it does no harm either.  And these
permissions probably have no effect for most Fedora users, but I still
think it should default to 077; opt in to sharing rather than opt out.

But I won't lose any sleep over it.

Re: Is default umask of 022 still reasonable for Fedora?

Ed Greshko-2
On 06/20/17 14:00, stan wrote:
> But I won't lose any sleep over it.

Good to hear....

Also, please note that by default when a new user is created in Fedora they also get
a corresponding group unless you override.  Along with that the home directory is
created with drwx------. permissions.   So, even if the permissions on the file allow
group access and even if the other user is part of the group they can't access the
files within your home directory and sub-directories.

[egreshko@f26-b14 ~]$ pwd
/home/egreshko

[egreshko@f26-b14 ~]$ ll text
-rw-rw----. 1 egreshko egreshko 6 Jun 20 14:09 text
[egreshko@f26-b14 ~]$ cat text
hello
[egreshko@f26-b14 ~]$ whoami
egreshko

[egreshko@f26-b14 ~]$ grep ^egreshko /etc/group
egreshko:x:1000:silly

[silly@f26-b14 ~]$ whoami
silly

[silly@f26-b14 ~]$ cat /home/egreshko/text
cat: /home/egreshko/text: Permission denied

[silly@f26-b14 ~]$ ll /home/egreshko
ls: cannot open directory '/home/egreshko': Permission denied

So, no matter what you have your umask set to when talking about files under your
home directory you need to do some explicit changes to directory and file permissions
before others with access to your system can even see what files are there.


--
Fedora Users List - The place to go to speculate endlessly
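
Added example, not part of the thread or any poster's message: a shell sketch that reproduces two points made in the discussion, namely which modes new files and directories get under a given umask, and which path component actually denies a group member or other user. The function names and the scratch layout are hypothetical, and it assumes GNU stat as shipped on Fedora.

```shell
#!/bin/sh
# Added illustration, not from the thread. Names and scratch layout are
# hypothetical. Uses GNU stat (coreutils).

# mode_of PATH: rwx permission bits in octal (setuid/setgid/sticky masked off)
mode_of() { printf '%o\n' "$(( 0$(stat -c '%a' "$1") & 0777 ))"; }

# created_modes UMASK DIR: create a file and a directory inside DIR under
# UMASK and print the resulting modes as "file=<mode> dir=<mode>".
created_modes() {
    (
        umask "$1"
        cd "$2" || exit 1
        rm -rf probe.f probe.d
        : > probe.f       # shell redirection requests 0666, minus umask bits
        mkdir probe.d     # mkdir requests 0777, minus umask bits
        echo "file=$(mode_of probe.f) dir=$(mode_of probe.d)"
        rm -rf probe.f probe.d
    )
}

# blocked_at CLASS FILE TOP: CLASS is g (group) or o (other). Prints the
# topmost path component from TOP down to FILE whose mode bits deny that
# class, or "none". Directories need search (x); FILE needs read (r).
# Assumes the caller is not the owner and, for g, is in each object's group.
blocked_at() {
    case $1 in g) shift_bits=3 ;; o) shift_bits=0 ;; *) return 2 ;; esac
    p=$2; top=$3; blocker=none
    [ $(( (0$(mode_of "$p") >> $shift_bits) & 4 )) -ne 0 ] || blocker=$p
    while [ "$p" != "$top" ] && [ "$p" != / ]; do
        p=$(dirname "$p")
        [ $(( (0$(mode_of "$p") >> $shift_bits) & 1 )) -ne 0 ] || blocker=$p
    done
    echo "$blocker"
}

# Constructed scenario mirroring the session above: a 0660 file in a 0700 home.
demo() {
    scratch=$(mktemp -d) || return 1
    mkdir -m 700 "$scratch/home"
    : > "$scratch/home/text"; chmod 660 "$scratch/home/text"
    for m in 002 022 027 077; do
        echo "umask $m: $(created_modes "$m" "$scratch")"
    done
    echo "group blocked at: $(blocked_at g "$scratch/home/text" "$scratch/home")"
    chmod 750 "$scratch/home"
    echo "after chmod 750:  $(blocked_at g "$scratch/home/text" "$scratch/home")"
    rm -rf "$scratch"
}
demo
```

The check reads mode bits only; ACLs and SELinux labels (the trailing `.` in the `ls` output above) are not considered.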



Re: Is default umask of 022 still reasonable for Fedora?

stan
On Tue, 20 Jun 2017 14:25:09 +0800
Ed Greshko <[hidden email]> wrote:

> Also, please note that by default when a new user is created in
> Fedora they also get a corresponding group unless you override.
> Along with that the home directory is created with drwx------.
> permissions.   So, even if the permissions on the file allow group
> access and even if the other user is part of the group they can't
> access the files within your home directory and sub-directories.
>
> [egreshko@f26-b14 ~]$ pwd
> /home/egreshko
>
> [egreshko@f26-b14 ~]$ ll text
> -rw-rw----. 1 egreshko egreshko 6 Jun 20 14:09 text
> [egreshko@f26-b14 ~]$ cat text
> hello
> [egreshko@f26-b14 ~]$ whoami
> egreshko
>
> [egreshko@f26-b14 ~]$ grep ^egreshko /etc/group
> egreshko:x:1000:silly
>
> [silly@f26-b14 ~]$ whoami
> silly
>
> [silly@f26-b14 ~]$ cat /home/egreshko/text
> cat: /home/egreshko/text: Permission denied
>
> [silly@f26-b14 ~]$ ll /home/egreshko
> ls: cannot open directory '/home/egreshko': Permission denied
>
> So, no matter what you have your umask set to when talking about
> files under your home directory you need to do some explicit changes
> to directory and file permissions before others with access to your
> system can even see what files are there.

Well, thanks for that.  It really puts the umask issue in perspective,
and addresses my concerns that there was a vulnerability, when there
actually isn't.