system-wide index permission with pam_umask

["D Bera" <dbera web gmail com>]

Hi folks,
    A bug was filed recently about the permission of the system-wide
index created by beagle-crawl-system in a system where pam_umask is
installed. I have no experience with pam_umask so I need some help.

The system-wide index script is created by a cron script and run as
root. Since we don't want to run the indexer as root, we use a special
user beagleindex (created by rpm/deb postinst scripts). In the
beagle-crawl-system we set the umask to 022 and then run the actual
index creating process by doing "su beagleindex -c ...".

The above generally works fine since su honours the umask of the
calling environment and all files are created using permission 755 so
every user can read the index. Apparently when pam_umask is used to
control umask of users, the umask set before calling su is ignored and
the umask specified by pam_umask is used. So if the default umask set
for pam_umask is 077, the index files created are unreadable by any
other user.

So any idea how should this be dealt with ? How do other programs deal
with this ? One ugly option is to call "su beagleindex -c umask 022 &
..." but that sounds like a bad workaround. Since the postinst script
creates the user, is there any formal way to specify the umask for
beagleindex which can also be set at that time ?

Many thanks,
- dBera

[1] bugzilla.gnome.org #516562 - it was reported for the opensuse 10.2
distribution

-- 
-----------------------------------------------------
Debajyoti Bera @ http://dtecht.blogspot.com
beagle / KDE fan
Mandriva / Inspiron-1100 user