Umask

James Wilkinson james at westexe.demon.co.uk
Tue Mar 1 17:28:27 UTC 2005


Jay Paulson wrote:
> Fedora's default umask is set to 022.

Not normally for bash, no: see later.

>  I need it to be set to 002 so 
> that different users within the same group can ftp and download the 
> same file(s).  However, I noticed that when I set the umask to 002 it 
> changes it system wide!  I was wondering if this was a security risk?  
> My network admin wants us to ssh in change the owner of the file using 
> the sudo chown command, download the file, then change the owner back.  
> I REALLY don't want to do this for every file that I want to work on.  
> There has to be a way to change this and I think umask is the way to do 
> it.  The thing is I do not want to go changing the umask of the system 
> without knowing if it's secure or not.

Short answer: Should be OK if you stick to Red Hat's default User
Private Group scheme (where each user has their own default group, the
home directories are set to that user's private group, if you want
multiple users in the same group you create another group for that
purpose, and you use a separate shared directory with the setgid bit
set to ensure that files created in that directory by default are
created with the directory's group).  But I'm worried about exactly what
you're doing. How are you changing umask anyway? How are these files
being created?

You should, in any case, read
http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/ref-guide/s1-users-groups-private-groups.html

and / or the earlier version of that document,

http://www.redhat.com/docs/manuals/linux/RHL-8.0-Manual/ref-guide/s1-users-groups-private-groups.html

Note, too, that umask for bash shells is set in /etc/bashrc (at the
top): if you're using Red Hat style User Private Groups, the umask
should already be 002.

Hope this helps,

James.

-- 
James Wilkinson       | "Does exactly what it says on the tin." ...
Exeter    Devon    UK | I've got a tin at home: it says "Open other end".
E-mail address: james | It never is.
@westexe.demon.co.uk  | -- Humphrey Lyttelton, "I'm Sorry, I Haven't A Clue"
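The User Private Group setup James describes (a shared directory with the setgid bit, umask 002 so group members can write each other's files) can be checked on any Linux box without root. The script below is an added example, not part of James's mail or Red Hat's documentation; it uses a constructed temporary directory in place of a real shared group directory and assumes GNU coreutils (`stat -c`). It shows that umask 022 yields 644 files while umask 002 yields 664, that the shared directory carries mode 2770, and that a file created inside it ends up in the directory's group rather than the creator's primary group.

```shell
#!/bin/sh
# Added example (not from the original mail): umask 022 vs 002, and the
# setgid bit on a shared directory. Assumes GNU stat on Linux.
# The directory is a constructed temporary one; no root or extra group needed.

# Create a file under the given umask inside directory $2 and print its
# octal mode. The umask is set in a subshell so the caller's umask is untouched.
mode_under_umask() {
    ( umask "$1"
      f="$2/file-$1"
      : > "$f"
      stat -c '%a' "$f" )
}

# Create the shared directory with the setgid bit (2770) and print its mode.
# With setgid set, files created inside inherit the directory's group,
# which is what makes the shared-group scheme work together with umask 002.
make_shared_dir() {
    d="$1/shared"
    mkdir -p "$d"
    chmod 2770 "$d"
    stat -c '%a' "$d"
}

# Return 0 if the file's group id equals its parent directory's group id
# (the setgid inheritance a sysadmin would verify on a real shared directory).
group_matches_dir() {
    [ "$(stat -c '%g' "$1")" = "$(stat -c '%g' "$(dirname "$1")")" ]
}

# Run the whole check once and report the observed modes.
demo() {
    tmp=$(mktemp -d)
    shared_mode=$(make_shared_dir "$tmp")
    m022=$(mode_under_umask 022 "$tmp/shared")
    m002=$(mode_under_umask 002 "$tmp/shared")
    if group_matches_dir "$tmp/shared/file-002"; then inh=yes; else inh=no; fi
    echo "shared dir: $shared_mode  umask 022 -> $m022  umask 002 -> $m002  group inherited: $inh"
    rm -rf "$tmp"
}

demo
```

On a real system the group inheritance line is the one worth checking: if the shared directory lacks the setgid bit, a 664 file created by one user lands in that user's private group and the other group members still cannot write it.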