1 files changed, 22 insertions, 22 deletions

diff --git a/0003-Add-Arch-Linux-defaults-for-login.defs.patch b/0003-Add-Arch-Linux-defaults-for-login.defs.patch
index 0d2fe8ac5437..5e687b02a2c3 100644
--- a/0003-Add-Arch-Linux-defaults-for-login.defs.patch
+++ b/0003-Add-Arch-Linux-defaults-for-login.defs.patch
@@ -1,24 +1,24 @@
-From 8c2a5c7d695fc6066c92b102d26853f25e0bedb8 Mon Sep 17 00:00:00 2001
+From 2642dcf11171a701f1997dcd19a769bb5baec410 Mon Sep 17 00:00:00 2001
 From: David Runge <dvzrv@archlinux.org>
 Date: Mon, 31 Oct 2022 10:10:22 +0100
-Subject: [PATCH 3/4] Add Arch Linux defaults for login.defs
+Subject: [PATCH 3/3] Add Arch Linux defaults for login.defs
 
 etc/login.defs:
-Change ENV_SUPATH and ENV_SUPATH to only use
-/usr/local/sbin:/usr/local/bin:/usr/bin as Arch Linux is a /usr merge
-and bin merge distribution.
-Change UMASK to 077 as it is considered a more privacy conserving
-default than 022.
-Change SYS_UID_MIN and SYS_GID_MIN to 500 which gives more space for
-distribution added UIDs and GIDs.
-Change ENCRYPT_METHOD to SHA512 as it is a safer hashing algorithm than
-DES.
+- Change `ENV_SUPATH` and `ENV_SUPATH` to only use
+  /usr/local/sbin:/usr/local/bin:/usr/bin as Arch Linux is a /usr and
+  bin merge distribution.
+- Set `HOME_MODE` to `0700` to be able to rely on a `UMASK` of `022`
+  while creating home directories in a privacy conserving manner.
+- Change SYS_UID_MIN and SYS_GID_MIN to 500 which gives more space for
+  distribution added UIDs and GIDs of system users.
+- Change ENCRYPT_METHOD to YESCRYPT as it is a safer hashing algorithm
+  than DES.
 ---
  etc/login.defs | 12 ++++++------
  1 file changed, 6 insertions(+), 6 deletions(-)
 
 diff --git a/etc/login.defs b/etc/login.defs
-index 7c633a57..ea841257 100644
+index 797ca6b3..c4accbf8 100644
 --- a/etc/login.defs
 +++ b/etc/login.defs
 @@ -55,8 +55,8 @@ HUSHLOGIN_FILE	.hushlogin
@@ -32,15 +32,15 @@ index 7c633a57..ea841257 100644
  
  #
  # Terminal permissions
-@@ -79,7 +79,7 @@ TTYPERM		0600
- # 022 is the default value, but 027, or even 077, could be considered
- # for increased privacy. There is no One True Answer here: each sysadmin
- # must make up their mind.
--UMASK		022
-+UMASK		077
- 
+@@ -84,7 +84,7 @@ UMASK		022
  # HOME_MODE is used by useradd(8) and newusers(8) to set the mode for new
  # home directories.
+ # If HOME_MODE is not set, the value of UMASK is used to create the mode.
+-#HOME_MODE	0700
++HOME_MODE	0700
+ 
+ #
+ # Password aging controls:
 @@ -103,7 +103,7 @@ PASS_WARN_AGE	7
  UID_MIN			 1000
  UID_MAX			60000
@@ -59,15 +59,15 @@ index 7c633a57..ea841257 100644
  SYS_GID_MAX		  999
  # Extra per user group ids
  SUB_GID_MIN		   100000
-@@ -153,7 +153,7 @@ CHFN_RESTRICT		rwh
+@@ -152,7 +152,7 @@ CHFN_RESTRICT		rwh
  # Note: If you use PAM, it is recommended to use a value consistent with
  # the PAM modules configuration.
  #
 -#ENCRYPT_METHOD DES
-+ENCRYPT_METHOD SHA512
++ENCRYPT_METHOD YESCRYPT
  
  #
  # Only works if ENCRYPT_METHOD is set to SHA256 or SHA512.
 -- 
-2.39.0
+2.42.0