Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#72735 - [opendoas] Provide a default PAM configuration
Attached to Project:
Community Packages
Opened by Ayush Agarwal (ayushnix) - Saturday, 13 November 2021, 13:42 GMT
Last edited by T.J. Townsend (blakkheim) - Friday, 16 June 2023, 03:13 GMT
Details

Description:
The upstream opendoas package has removed PAM configuration files in a commit[^1] after the latest available release version 6.8.1. A default PAM file should now be provided by the opendoas package.

In addition, if a regular user is using a different umask, such as 027, files created with doas will inherit the umask of the regular user. This can create confusion and broken systemd services due to insufficient read access.

Since Arch Linux ships a default umask of 022 in /etc/profile, I think the following PAM configuration for doas might make sense,

https://github.com/Duncaen/OpenDoas/issues/31#issuecomment-642965285

#%PAM-1.0
auth       include     system-auth
account    include     system-auth
session    include     system-auth
session    optional    pam_umask.so usergroups umask=022

[^1]: https://github.com/Duncaen/OpenDoas/commit/cfa9f0d3b306d6c1287ec4f2aa42be29de66c9de

Additional info:
* package version(s) - opendoas 6.8.1-3

Steps to reproduce:
1. The commit linked above shows that PAM configuration has been removed in upstream.
2. Change the umask of a regular user to a non-default value, such as 027.
3. Executing 'doas vim /etc/systemd/system/sample.service' would create 'sample.service' with permissions of 640 which isn't desirable.
Closed by T.J. Townsend (blakkheim)
Friday, 16 June 2023, 03:13 GMT
Reason for closing: Won't implement
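
The umask effect described in the report can be reproduced without doas, and affected files can be found afterwards. The following is an added example, not part of the original report or the opendoas package; the function names are hypothetical and it assumes GNU stat and find.

```shell
#!/bin/sh
# Added example (constructed, not from the report). Function names are
# hypothetical; stat -c is the GNU coreutils form shipped on Arch Linux.

# Print the octal mode a new file gets under umask $1. The subshell keeps
# the umask change from leaking into the caller.
mode_under_umask() {
    (
        dir=$(mktemp -d) || exit 1
        umask "$1"
        : > "$dir/sample.service"      # created with 0666 & ~umask
        stat -c '%a' "$dir/sample.service"
        rm -rf "$dir"
    )
}

# List regular files under directory $1 that lack the other-read bit,
# e.g. unit files a root editor created while a 027 umask was in effect.
not_world_readable() {
    find "$1" -type f ! -perm -o=r -print
}

echo "umask 027 -> $(mode_under_umask 027)"
echo "umask 022 -> $(mode_under_umask 022)"
```

Running not_world_readable /etc/systemd/system lists unit files that were created with a restrictive inherited umask.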