[pacman-dev] [PATCH] pacman-db-upgrade: set umask 022

Peter Wu peter at lekensteyn.nl
Tue Dec 23 11:10:51 UTC 2014

On Tuesday 23 December 2014 11:18:51 Allan McRae wrote:
> > It would probably be a good idea to set umask 022 for
> > /var/cache/pacman/archives/ as well, but that is not as severe as this issue.
> > 
> > If there are people who actually use 'umask 027' to make their packages
> > unreadable, what about a global Umask setting in pacman.conf (defaulting to
> > 022?).
> I am happy with that staying how it is.  A non-root user does not
> particularly need access to these files.
> Allan

(S)he does not? What about copying the package to a different (virtual)
machine? Or extracting a config file and look for differences? The
status quo is that the permissions of cache dir items depend on the
umask of the executing process which is 022 on a default installation.

When I have a need to read the tarball contents, I first have to run:

    sudo chmod -R o+r /var/cache/pacman/pkg/

With this in mind, would you still be opposed to changing the default
umask, or introducing a umask setting in pacman.conf?
Kind regards,

More information about the pacman-dev mailing list