Umask
Jay Paulson
jpaulson at sedl.org
Tue Mar 1 18:50:12 UTC 2005
Hey thanks for the help! That's exactly what I was looking for.
One thing interesting that I noticed though was that on one machine I
have the umask is set to 022 when a user logs in. However, if a user
logs into a different machine the umask is set to 0002 but, if they su
to root (something I can't do on the other machine) the umask is set to
0022. Therefore, I may not have a problem on the second machine.
Although upon further investigation of the /etc/profile and the
/etc/bashrc files I did notice slight differences in them with regards
to the umask.
#Machine 1
if [ `id -gn` = `id -un` -a `id -u` -gt 99 ]; then
    umask 002
else
    umask 022
fi
#Machine 2
if [ "`id -gn`" = "`id -un`" -a `id -u` -gt 99 ]; then
    umask 002
else
    umask 022
fi
You'll notice the double quotes (") around 'id -gn' and 'id -un' in the
if else statement of Machine 2. I wonder if this has some effect on
the umask settings? It also makes me wonder if machine 1 is up to date
with all its packages (I'm not the admin of Machine 1 so there's not
much I can do about it).
At any rate, thanks for your help!
>> Fedora's default umask is set to 022.
>
> Not normally for bash, no: see later.
>
>> I need it to be set to 002 so
>> that different users within the same group can ftp and download the
>> same file(s). However, I noticed that when I set the umask to 002 it
>> changes it system wide! I was wondering if this was a security risk?
>> My network admin wants us to ssh in change the owner of the file using
>> the sudo chown command, download the file, then change the owner back.
>> I REALLY don't want to do this for every file that I want to work on.
>> There has to be a way to change this and I think umask is the way to
>> do it. The thing is I do not want to go changing the umask of the system
>> without knowing if it's secure or not.
>
> Short answer: Should be OK if you stick to Red Hat's default User
> Private Group scheme (where each user has their own default group, the
> home directories are set to that user's private group, if you want
> multiple users in the same group you create another group for that
> purpose, and you use a separate shared directory with the setgid bit
> set to ensure that files created in that directory by default are
> created with the directory's group). But I'm worried about exactly what
> you're doing. How are you changing umask anyway? How are these files
> being created?
>
> You should, in any case, read
> http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/ref-guide/s1-users-groups-private-groups.html
>
> and / or the earlier version of that document,
>
> http://www.redhat.com/docs/manuals/linux/RHL-8.0-Manual/ref-guide/s1-users-groups-private-groups.html
>
> Note, too, that umask for bash shells is set in /etc/bashrc (at the
> top): if you're using Red Hat style User Private Groups, the umask
> should already be 002.
>
> Hope this helps,
>
> James.
>
> --
> James Wilkinson | "Does exactly what it says on the tin." ...
> Exeter Devon UK | I've got a tin at home: it says "Open other end".
> E-mail address: james | It never is.
> @westexe.demon.co.uk | -- Humphrey Lyttelton, "I'm Sorry, I Haven't A Clue"
Jay Paulson
Web Design Specialist
Southwest Educational Development Laboratory
211 E. 7th St., Suite 200
Austin, TX 78701-3253
512-476-6861 (voice)
512-476-2286 (fax)
http://www.sedl.org
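
Added example, not part of the original message or of Fedora's own files: a POSIX shell script that evaluates the quoted and unquoted /etc/bashrc tests shown above for constructed accounts, then creates a file in a setgid shared directory under each umask. The function names, the sample accounts (jay, staff, "domain users") and the uid 500 are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example; account names and uids are constructed sample values.

# The /etc/bashrc decision from Machine 2 (names quoted), with the account
# passed as arguments: uid, user name, primary group name.
upg_umask_quoted() {
    if [ "$3" = "$2" -a "$1" -gt 99 ]; then echo 002; else echo 022; fi
}

# Machine 1's form (names unquoted). Identical result unless a name holds
# whitespace: then [ reports a syntax error and the else branch runs.
upg_umask_unquoted() {
    if [ $3 = $2 -a $1 -gt 99 ] 2>/dev/null; then echo 002; else echo 022; fi
}

# Create a file in a setgid shared directory under the given umask and print
# its permission string. Runs in a subshell so the caller's umask is untouched.
shared_file_mode() (
    dir=$(mktemp -d) || exit 1
    chmod 2775 "$dir"      # setgid bit: new files take the directory's group
    umask "$1"
    : > "$dir/report.txt"
    ls -l "$dir/report.txt" | cut -c1-10
    rm -rf "$dir"
)

for account in "500 jay jay" "500 jay staff" "0 root root"; do
    set -- $account
    echo "uid=$1 user=$2 group=$3 -> umask $(upg_umask_quoted "$1" "$2" "$3")"
done
echo "file created under umask 002: $(shared_file_mode 002)"
echo "file created under umask 022: $(shared_file_mode 022)"
```

With umask 022 the file in the shared directory is not group-writable, which is the case where a second member of the group cannot update it.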