home directory permissions
Pete Nesbitt
pete at linux1.ca
Tue Feb 24 22:08:02 UTC 2004
On February 24, 2004 10:27 am, Kieran Hood wrote:
> I want to make it so that all new files created in a user's home
> directories are only readable by the users who own them and their groups.
> Is umask the best way to do this? Also where do I add the command so that
> it is executed on startup? Thanks
>
> --
> Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/
Hi Kieran,
yes, umask is the utility to change default file permissions for a user, but
not specificly for their home dir.
You can edit /etc/bashrc for global bash umask.
Near the top you will find a section like:
# by default, we want this to get set.
# Even for non-interactive, non-login shells.
if [ "`id -gn`" = "`id -un`" -a `id -u` -gt 99 ]; then
umask 002
else
umask 022
fi
---------------------------------------------
The top one is for regular (non-system) accounts, although useradd starts at
500 for regular users.
If you changed "umask 002" to "umask 007" then all user created files and
directories would be created as readable (and dir's exec-able) only by the
user. Again, that would be set to the user, not just their home directory.
The user can also use umask to change that setting.
If you look at the default perms on the users home you should find only the
owner can read or exec the home directory anyway, so in most cases, no
changes should be needed. Also, the default user scheme in Red Hat will
create a "user private" group, so each users primary group is the same as
their userid.
Hope that helps.
--
Pete Nesbitt, rhce
More information about the redhat-list
mailing list