"useradd -D -s /bin/bash" will set the permissions of the "/etc/default/useradd" file to 600.

Question

"useradd -D -s /bin/bash" will set the permissions of the "/etc/default/useradd" file to 600.

kugarocks opened this issue 3 months ago · 1 comments

I reviewed the original code of useradd.c. The set_defaults function in the file uses the mkstemp method to create a new configuration file, but the mkstemp function sets the file permissions to 600(original is 644). Wouldn't it be better to set the file permissions based on root's umask?

Answer 1 · 2024-08-31T02:55:01.000Z

It should not be set to the same as the original or based on the umask. It might make sense to have the file permissions set to a mask optionally specified in login.defs.

Now, I don't know why we would be keeping the file secret - always using 644 would seem sane to me. But it's possible there is a good reason for it, so it's not a change I would want to take lightly.

Closing this here, but feel free to re-open it if you want to post a patch to change the perms.