| 26 | 26 | If you look at OpenSSH for example, it's software that has a very precise idea of what each file's permission should be: the private RSA keys ''must not'' be group-readable and world-readable, regardless of the umask. They likely have parts of their makefiles or build scripts that hardcode access to certain files in their "packages", simply because in some cases those permissions serve a different purpose than umask (which serves a purpose for day-to-day tasks, creating new files, not building packages or operating systems). Other examples include executables that are "special", like `su`, with the 's' bit to "inherit-root-privileges" (or conversely, "do *not* inherit privileges"). If their makefiles/jamfiles relied on the umask to get the correct right that would be a security risk. Rights are (rightly) hardcoded for these. Deviations from these hard-codings should be like changing the source code in .cpp files : something to do for tinkerers and tweakers, not left to such general states as the general umask IMHO. Might be missing something though, as my perspective is colored by my being an app developer, not an OS developer.. |
