I had an install issue after hardening a server for public access because I did not realize that Aegir relied upon the default umask of 022.

My standard umask ends in a 7 making sure that no one in the "other" category can read or write my documents or settings, let alone execute them. This is something that Aegir plans for and it simply handles security differently (but the aegir system expects the aegir user to have a specific umask) -- see http://drupal.org/node/896464

I would have liked to have seen INSTALL and UPGRADE both reference the requirement of the expected umask of 022 to avoid these problems in the install/upgrade and a warning that changing the umask for the aegir user (like in a hardening process) may also break the system.

Comments

Anonymous’s picture

Status: Active » Fixed

default umask of 022 is mentioned/recommended in INSTALL/UPGRADE.txt

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.