[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: home directory permissions

On February 24, 2004 10:27 am, Kieran Hood wrote:
> I want to make it so that all new files created in a user's home
> directories are only readable by the users who own them and their groups.
> Is umask the best way to do this? Also where do I add the command so that
> it is executed on startup? Thanks
> --
> Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/

Hi Kieran,
yes, umask is the utility to change default file permissions for a user, but 
not specificly for their home dir.

You can edit /etc/bashrc for global bash umask.
Near the top you will find a section like:

# by default, we want this to get set.
# Even for non-interactive, non-login shells.
if [ "`id -gn`" = "`id -un`" -a `id -u` -gt 99 ]; then
        umask 002
        umask 022
The top one is for regular (non-system) accounts, although useradd starts at 
500 for regular users.

If you changed "umask 002" to "umask 007" then all user created files and 
directories would be created as readable (and dir's exec-able) only by the 
user. Again, that would be set to the user, not just their home directory. 
The user can also use umask to change that setting.

If you look at the default perms on the users home you should find only the 
owner can read or exec the home directory anyway, so in most cases, no 
changes should be needed. Also, the default user scheme in Red Hat will 
create a "user private" group, so each users primary group is the same as 
their userid.

Hope that helps.
Pete Nesbitt, rhce

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]