diff options
Diffstat (limited to 'debian/local')
| -rw-r--r-- | debian/local/common-session | 2 | ||||
| -rw-r--r-- | debian/local/common-session-noninteractive | 2 | ||||
| -rw-r--r-- | debian/local/pam-auth-update | 4 |
3 files changed, 7 insertions, 1 deletions
diff --git a/debian/local/common-session b/debian/local/common-session index d0a229a6..1cd4f1ae 100644 --- a/debian/local/common-session +++ b/debian/local/common-session @@ -19,6 +19,8 @@ session requisite pam_deny.so # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around session required pam_permit.so +# reset the umask for new sessions +session optional pam_umask.so # and here are more per-package modules (the "Additional" block) $session_additional # end of pam-auth-update config diff --git a/debian/local/common-session-noninteractive b/debian/local/common-session-noninteractive index 1dd1a172..d216f6ed 100644 --- a/debian/local/common-session-noninteractive +++ b/debian/local/common-session-noninteractive @@ -20,6 +20,8 @@ session requisite pam_deny.so # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around session required pam_permit.so +# reset the umask for new sessions +session optional pam_umask.so # and here are more per-package modules (the "Additional" block) $session_nonint_additional # end of pam-auth-update config diff --git a/debian/local/pam-auth-update b/debian/local/pam-auth-update index ac00b1c9..4c288d7b 100644 --- a/debian/local/pam-auth-update +++ b/debian/local/pam-auth-update @@ -56,9 +56,11 @@ my %md5sums = ( 'f297c731a467822cbd86e1283263e8a3', '240fb92986c885b327cdb21dd641da8c', '4a25673e8b36f1805219027d3be02cd2', + '9e633425b1878897695217ecaf75e204', ], 'session-noninteractive' => [ 'ad2b78ce1498dd637ef36469430b6ac6', + '53c1ede0bf4c07879d3582d875917545', ], ); my @invalid_modules = ('pam_tally'); @@ -735,7 +737,7 @@ sub parse_pam_profile } } close(PROFILE); - if (!defined($profile{'Session-Interactive-Only'})) { + if (!defined($profile{'Session-Interactive-Only'}) or $profile{'Session-Interactive-Only'} ne 'yes') { $profile{'Session-noninteractive-Type'} = $profile{'Session-Type'}; $profile{'Session-noninteractive'} = $profile{'Session'}; $profile{'Session-noninteractive-Initial'} = $profile{'Session-Initial'}; |