pid1: by default make user units inherit their umask from the user ma… #15318
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Not a fan, but Ok. But please update UMask= explanation in the systemd.exec man page, it needs to clarify what the new default is now. |
poettering
added
the
reviewed/needs-rework 🔨
fbuihuu
force-pushed
the
inherit-umask-for-user-units
branch
from
95405af
to
f466c9e
Compare
fbuihuu
removed
the
reviewed/needs-rework 🔨
|
@poettering new version force pushed. |
poettering
requested changes
Apr 9, 2020
fbuihuu
force-pushed
the
inherit-umask-for-user-units
branch
from
f466c9e
to
61f1ad9
Compare
…nager This patch changes the way user managers set the default umask for the units it manages. Indeed one can expect that if user manager's umask is redefined through PAM (via /etc/login.defs or pam_umask), all its children including the units it spawns have their umask set to the new value. Hence make user units inherit their umask value from their parent instead of the hard coded value 0022 but allow them to override this value via their unit file. Note that reexecuting managers with 'systemctl daemon-reexec' after changing UMask= has no effect. To take effect managers need to be restarted with 'systemct restart' instead. This behavior was already present before this patch. Fixes systemd#6077.
fbuihuu
force-pushed
the
inherit-umask-for-user-units
branch
from
61f1ad9
to
5e37d19
Compare
poettering
added
the
good-to-merge/waiting-for-ci 👍
|
Nautalis on our Fedora 33 machines is ignoring umask settings, including in login.defs, and making all files world readable. |
keszybz
removed
the
good-to-merge/waiting-for-ci 👍
|
@Reasoning-Technology if you click on the "… merged commmit 611cb82" message above, the page shows that the commit is present in v249 v249-rc3 v249-rc2 v249-rc1 v248 v248-rc4 v248-rc3 v248-rc2 v248-rc1 v247 v247-rc2 v247-rc1 v246 v246-rc2 v246-rc1, i.e. v246 or later. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
…nager
This patch changes the way user managers set the default umask for the units it
manages.
Indeed one can expect that if user manager's umask is redefined through PAM
(via /etc/login.defs or pam_umask), all its children including the units it
spawns have their umask set to the new value.
Hence make user units inherit their umask value from their parent instead of
the hard coded value 0022 but allow them to override this value via their unit
file.
Note that reexecuting managers with 'systemctl daemon-reexec' after changing
UMask= has no effect. To take effect managers need to be restarted with
'systemct restart' instead. This behavior was already present before this
patch.
Fixes #6077.