Because in June 2005 the simple response to the Debian bug filed in September 2004 was to comment the global setting out of /etc/login.defs rather than change it to 0027. And after some back and forth there's now the explanation in /etc/login.defs that you can read today (q.v.).
# UMASK is the default umask value for pam_umask and is used by
# useradd and newusers to set the mode of the new home directories.
# 022 is the "historical" value in Debian for UMASK
# 027, or even 077, could be considered better for privacy
# There is no One True Answer here : each sysadmin must make up his/her
# mind.
And also, some tools still break when using the non-default umask.
Yes, yes, we all run Postgres in containers, but if you don't, and you upgrade to a new Postgres major version, gladly using the Debian scripts that make it all more comfortable, while using umask 027, you will enjoy your day. Though I don't remember if those upgrade-scripts where from Debian proper or from Postgres.
Since that experience I always wondered what other tools may have such bugs lurking around.
Is this really a big deal on effectively single user systems with in-person hardware? On the other hand, why is this such a hard decision for Debian to make?
JdeBP|6 months ago
* https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=269583
h43z|6 months ago
eurg|6 months ago
Yes, yes, we all run Postgres in containers, but if you don't, and you upgrade to a new Postgres major version, gladly using the Debian scripts that make it all more comfortable, while using umask 027, you will enjoy your day. Though I don't remember if those upgrade-scripts where from Debian proper or from Postgres.
Since that experience I always wondered what other tools may have such bugs lurking around.
leoh|6 months ago