Red Hat Bugzilla – Bug 120034
running up2date from via console helper uses users umask
Last modified: 2007-11-30 17:07:01 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040224
Description of problem:
We set the umask of users via a script in /etc/profile.d/
Basically users -gt 99 get 0077 and -lt 0022. This we do for security.
Issue is when you run up2date via console helper, the users umask of
0077. With most RPMS, this causes no problems, as the permissions
files in RPMS are predefined.
In rhel3 update2 preview, the gnome-panel update, runs gconftool2 at
post, when a user has a umask of 0077 this causes some files in
/etc/gconf to unreadable to users (retaining the 0077 umask). Causes
the gnome-panel to freeze after logging out/ logging in.
It may be wise to add some sort of default umask to up2date so this
does not occur.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. set user umask to 0077
2. configure a yum server, add gnome-panel update to it
3. run up2date, install gnome-panel update
Thanks for your report.
Unfortunately there seems to be no practical way to make sure the umask is
"correct". Some system administrators set up their systems to use 077 for the
root user only (not for regular users), so hard-coding 022 or 002 in usermode
would be explicitly dictating a policy contrary to the system administrator's
Ideally, userhelper would interpret the /etc/profile.d/* scripts to use the same
umask that is used by other processes run as root; this can't be done for
The specific problem with rpm scriptlets would probably be best solved by
enforcing an umask within rpm to the 022 or 002 value expected by some
scriptlets, or by auditing all scriptlets to make sure they don't depend on the
default umask value. One of these changes will probably be implemented within
Fedora and should eventually be available in RHEL.
*** Bug 214359 has been marked as a duplicate of this bug. ***