Umask

Jay Paulson jpaulson at sedl.org
Tue Mar 1 18:50:12 UTC 2005


Hey thanks for the help!  That's exactly what I was looking for.

One thing interesting that I noticed though was that on one machine I
have the umask is set to 022 when a user logs in.  However, if a user  
logs into a different machine the umask is set to 0002 but, if they su  
to root (something I can't do on the other machine) the umask is set to  
0022.  Therefore, I may not have a problem on the second machine.

Although upon further investigation of the /etc/profile and the  
/etc/bashrc files I did notice slight differences in them with regards  
to the umask.

#Machine 1
if [ `id -gn` = `id -un` -a `id -u` -gt 99 ]; then
     umask 002
else
     umask 022
fi

#Machine 2
if [ "`id -gn`" = "`id -un`" -a `id -u` -gt 99 ]; then
     umask 002
else
     umask 022
fi

You'll notice the double quotes (") around 'id -gn' and 'id -un' in the  
if else statement of Machine 2.  I wonder if this has some effect on  
the umask settings?  It also makes me wonder if machine 1 is up to date  
with all its packages (I'm not the admin of Machine 1 so there's not
much I can do about it).

At any rate, thanks for your help!

>> Fedora's default umask is set to 022.
>
> Not normally for bash, no: see later.
>
>>  I need it to be set to 002 so
>> that different users within the same group can ftp and download the
>> same file(s).  However, I noticed that when I set the umask to 002 it
>> changes it system wide!  I was wondering if this was a security risk?
>> My network admin wants us to ssh in change the owner of the file using
>> the sudo chown command, download the file, then change the owner back.
>> I REALLY don't want to do this for every file that I want to work on.
>> There has to be a way to change this and I think umask is the way to do
>> it.  The thing is I do not want to go changing the umask of the system
>> without knowing if it's secure or not.
>
> Short answer: Should be OK if you stick to Red Hat's default User
> Private Group scheme (where each user has their own default group, the
> home directories are set to that user's private group, if you want
> multiple users in the same group you create another group for that
> purpose, and you use a separate shared directory with the setgid bit
> set to ensure that files created in that directory by default are
> created with the directory's group).  But I'm worried about exactly what
> you're doing. How are you changing umask anyway? How are these files
> being created?
>
> You should, in any case, read
> http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/ref-guide/s1-users-groups-private-groups.html
>
> and / or the earlier version of that document,
>
> http://www.redhat.com/docs/manuals/linux/RHL-8.0-Manual/ref-guide/s1-users-groups-private-groups.html
>
> Note, too, that umask for bash shells is set in /etc/bashrc (at the
> top): if you're using Red Hat style User Private Groups, the umask
> should already be 002.
>
> Hope this helps,
>
> James.
>
> -- 
> James Wilkinson       | "Does exactly what it says on the tin." ...
> Exeter    Devon    UK | I've got a tin at home: it says "Open other end".
> E-mail address: james | It never is.
> @westexe.demon.co.uk  | -- Humphrey Lyttelton, "I'm Sorry, I Haven't A Clue"
>
Jay Paulson
Web Design Specialist
Southwest Educational Development Laboratory
211 E. 7th St., Suite 200
Austin, TX 78701-3253
512-476-6861 (voice)
512-476-2286 (fax)
http://www.sedl.org
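
Added example (not part of the original message or of Fedora's shipped files): the two /etc/bashrc tests quoted above written as shell functions and run over constructed accounts, to show which umask the quoted and unquoted forms select and what mode a new file gets. The function names, account names and uids are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: the /etc/bashrc umask test from the message, as functions.
# Arguments stand in for `id -gn`, `id -un` and `id -u`; all sample
# accounts below are constructed.

# Machine 2 form: quoted operands.
upg_umask_quoted() {
    if [ "$1" = "$2" -a "$3" -gt 99 ]; then echo 002; else echo 022; fi
}

# Machine 1 form: unquoted operands. A group name containing whitespace
# splits into extra words, `[` reports an error (hidden here) and returns
# non-zero, so the else branch runs.
upg_umask_unquoted() {
    if [ $1 = $2 -a $3 -gt 99 ] 2>/dev/null; then echo 002; else echo 022; fi
}

# Permission string of a new file created under the given umask.
# Runs in a subshell so the caller's umask is left alone.
mode_under_umask() (
    dir=$(mktemp -d) || exit 1
    umask "$1"
    : > "$dir/f"
    ls -l "$dir/f" | cut -c1-10
    rm -rf "$dir"
)

report() {  # report GROUP USER UID-NUMBER
    q=$(upg_umask_quoted "$1" "$2" "$3")
    u=$(upg_umask_unquoted "$1" "$2" "$3")
    printf '%-14s %-6s %-5s quoted=%s unquoted=%s new-file=%s\n' \
        "$1" "$2" "$3" "$q" "$u" "$(mode_under_umask "$q")"
}

report jay jay 500             # user private group: both forms pick 002
report users jay 500           # shared primary group: both pick 022
report root root 0             # uid not above 99: both pick 022
report "domain users" jay 500  # unquoted test errors out, still 022
```

Under umask 002 new files are group-writable, so the test only grants it when the primary group name matches the user name, which is the User Private Group condition described in the quoted reply.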



