Majic Projects
Majic Ansible Roles
Go to the previous open issue
Go to the previous issue (open or closed)
star_faded.png
Please log in to bookmark issues
icon_project.png Majic Ansible Roles / Closed Enhancement MAR-66 Web application users should use umask 0007
Go to the next issue (open or closed)
Go to the next open issue
This issue has been closed with status "Closed" and resolution "RESOLVED".
Issue basics
  • Type of issue
    Enhancement
  • Category
    Not determined
  • Targetted for
    1.1.0
  • Status
    Closed
  • Progress
  • Priority
    Needs to be fixed
User pain
  • Type of bug
    Not triaged
  • Likelihood
    Not triaged
  • Effect
    Not triaged
Affected by this issue (0)
There are no items
People involved
Times and dates
  • Posted at
  • Last updated
  • Estimated time
    2 hours
  • Time spent
    1 hour
    Click here to see time logged against this issue
Issue details
  • Resolution
    RESOLVED
Attachments (0)
There is nothing attached to this issue
Duplicate issues (0)
This issue does not have any duplicates
Show / hide more details »
Description

In order to fully take advantage of the web application administrator/user separation, it would be beneficial to have the web application users running the apps with umask set to 0007 (instead of the profile default of 0027).

This would allow the administrator to readily access files created by the web application user (provided the web application itself does not mess with permissions).

It should be decently easy to implement this using the GECOS field. The pam_umask module is capable of extracting per-user umask settings fro this field (you simply specify umask=0007 in web application user's GECOS field).

The following should be done:

  • During creation of web application user, set its GECOS field to include string umask=0007.
  • Update usage instructions to mention this feature.
  • Update role reference documentation.
Todos (0 / 0)
Options
There are no comments