On Fri, 20 Apr 2001, Drew Jones wrote:

> Problem:
> Users of Redhat 7 may have their umask set insecurely while acting
> as root.
>
> Description:
> ...When the user logs in, any shell that uses /etc/profile will set
> the umask to 002 if the user's username and groupname match and their
> uid is greater than 14. If the user then issues su to become root
> without specifying the -l option the root account inherits the umask
> of 002.... Redhat seemed to understand that system users should have a
> umask of 022, because /etc/profile will set the umask that way for
> users logging in with a uid less than 14, but they forgot about su.

Maybe I'm missing something here, but isn't the "problem" with su, not
/etc/profile? From the su man page:

    -, -l, --login
           make the shell a login shell

If the shell is not a login shell, then neither /etc/profile nor any
.*shrc scripts are processed -- you merely assume the UID of the account
you are su'ing to. To assume the complete environment of the account you
wish to impersonate, then you have to specify '-' or '-l' so that
environmental scripts are processed.

--Rebecca Kastl
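The umask inheritance discussed in this thread, as an added example that is not part of the original messages: a child shell started without re-reading a profile keeps the parent's umask, and a guard that a root script can run before creating files. It assumes `sh -c` as a stand-in for `su` without `-l` (so no root access is needed); the function names are illustrative.

```shell
#!/bin/sh
# Added example (constructed). `sh -c` stands in for `su` without -l:
# both start a shell that keeps the caller's process umask.

# Print the octal permission bits of a file (GNU stat, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Create a file from a child shell and print the mode it ends up with.
# $1 = umask of the calling session, $2 = "inherit" or "login"
child_file_mode() {
    dir=$(mktemp -d) || return 1
    (
        umask "$1"
        if [ "$2" = login ]; then
            # A login shell re-reads its profile; per the report,
            # /etc/profile sets 022 for system accounts.
            sh -c 'umask 022; : > "$1/f"' sh "$dir"
        else
            # Non-login shell: no profile is read, the umask is inherited.
            sh -c ': > "$1/f"' sh "$dir"
        fi
    )
    file_mode "$dir/f"
    rm -rf "$dir"
}

# Return 0 only if the current umask masks both group and other write bits.
umask_blocks_group_other_write() {
    m=$(umask)
    [ $(( 0$m & 022 )) -eq 18 ]   # 18 decimal == 022 octal
}

# Guard for scripts that run as root: tighten a permissive umask.
tighten_umask() {
    umask_blocks_group_other_write || umask 022
}

echo "non-login child, umask 002 inherited: $(child_file_mode 002 inherit)"
echo "login-style child, profile sets 022:  $(child_file_mode 002 login)"
```
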