* etc/login.defs: Improve the documentation of UMASK.

diff --git a/ChangeLog b/ChangeLog
index 3ea3b84687a31db4224dcae4ef010a58207a69e0..10299489810610645b3c403b2292c4dcccfe6f85 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,6 +5,7 @@
        * man/limits.5.xml: Remove space before an end of tag.
        * man/useradd.8.xml, man/login.defs.d/CREATE_HOME.xml,
        man/login.defs.5.xml: Document the CREATE_HOME variable.
+       * etc/login.defs: Improve the documentation of UMASK.
 
 2009-01-06  Sebastian Rick Rijkers  <srrijkers@gmail.com>
 

diff --git a/etc/login.defs b/etc/login.defs
index dbb9648690072b7533c241cd1cd0e6921b6525f0..6dc469537e84656e9cdf69600b3cc3922b553125 100644 (file)
--- a/etc/login.defs
+++ b/etc/login.defs
@@ -169,7 +169,6 @@ TTYPERM             0600
 #
 #      ERASECHAR       Terminal ERASE character ('\010' = backspace).
 #      KILLCHAR        Terminal KILL character ('\025' = CTRL/U).
-#      UMASK           Default "umask" value.
 #      ULIMIT          Default "ulimit" value.
 #
 # The ERASECHAR and KILLCHAR are used only on System V machines.
@@ -180,9 +179,16 @@ TTYPERM            0600
 #
 ERASECHAR      0177
 KILLCHAR       025
-UMASK          022
 #ULIMIT                2097152
 
+# Default initial "umask" value for non-PAM enabled systems.
+# UMASK is also used by useradd and newusers to set the mode of new home
+# directories.
+# 022 is the default value, but 027, or even 077, could be considered
+# better for privacy. There is no One True Answer here: each sysadmin
+# must make up her mind.
+UMASK          022
+
 #
 # Password aging controls:
 #