From 07540db90d60b10cbd10881b0024d8e8871330de Mon Sep 17 00:00:00 2001 From: Patrick Schleizer Date: Fri, 3 Nov 2023 09:45:12 -0400 Subject: [PATCH] Revert "Revert "set default umask to 027"" This reverts commit f8913ceb2e2fdd274011377c41b5d08e7459e4af. --- debian/control | 2 +- usr/share/pam-configs/umask-security-misc | 7 +++++++ 2 files changed, 8 insertions(+), 1 deletion(-) create mode 100644 usr/share/pam-configs/umask-security-misc diff --git a/debian/control b/debian/control index 571050a..2e633aa 100644 --- a/debian/control +++ b/debian/control @@ -14,7 +14,7 @@ Rules-Requires-Root: no Package: security-misc Architecture: all -Depends: python3, libglib2.0-bin, libpam-runtime, sudo, adduser, libcap2-bin, +Depends: python3, libglib2.0-bin, libpam-runtime, libpam-umask, sudo, adduser, libcap2-bin, apparmor-profile-dist, helper-scripts, libpam-modules-bin, secure-delete, dmsetup, ${misc:Depends} Replaces: tcp-timestamps-disable, anon-gpg-tweaks, swappiness-lowest diff --git a/usr/share/pam-configs/umask-security-misc b/usr/share/pam-configs/umask-security-misc new file mode 100644 index 0000000..6dfe387 --- /dev/null +++ b/usr/share/pam-configs/umask-security-misc @@ -0,0 +1,7 @@ +Name: Restrict umask to 027 (by package security-misc) +Default: yes +Priority: 100 +Session-Type: Additional +Session-Interactive-Only: yes +Session: + optional pam_umask.so umask=027