I’m a bit bothered by something that no one can seem to give me a clear answer on: why is the default umask in Debian/Ubuntu ’022′?
Let’s think about this for a second. Back in the days of historical UNIX, probably for decades, the traditional file permissions of ‘read’, ‘write’ and ‘execute’ was sufficient security for both users and groups, and for the most part, they still are. We have other things in place, such as file ACLs and SELinux, but for the discussion of this post, I’m going to focus on just the traditional rwx.
Back during these days, users were thrown into the ‘users’ group. If a new user was created, it was a member of the ‘users’ group by default. If a system had 100 users, then there were probably 100 users in the ‘users’ group. Also, when a new file/directory was created, the user owned it, and the ‘users’ group had access. As such, the umask 022 needed to be set in place to keep anyone and everyone in the ‘users’ group from modifying the file. Technically, as it stands, there really isn’t anything wrong with it, unless you don’t want everyone in the ‘users’ group reading the file.
Along came User Private Groups (UPGs). This fixed the ‘reading issue’ by giving a unique private group to the user. If the user was ‘aaron’, then he also had an ‘aaron’ UPG. Same went with ‘tom’, ‘jane’ and ‘spot’– each user having their own private group with themselves being the only member of that group. So, the question follows: is the umask 022 still appropriate?
I’m arguing that it’s not needed any longer. It certainly isn’t hurting anything on the system, and the regular run-of-the-mill desktop or laptop user certainly isn’t going to care. But what about production environments, where collaboration is big? What then? Well, if umask 022 is still set, then the permissions on a newly created file will have the read-only permission set for that group. Does this make sense? Let’s break it down:
Suppose Tom creates a file in his home directory that he wants to share with a few co-workers, say an expense report. Suppose also that the default umask is 022. Well, when the expense report is created, he is the owner of the file, and his UPG, ‘tom’, is allowed access. Unfortunately, the ‘tom’ group only has read-access to the file, not write. Also, he’s the only member of that group. So, not only does he have to add the coworkers to his group, so they can begin collaboration, but he also needs to change the file permissions to allow write access to the file. Suppose he creates many files, one after the other, each for the same collaboration with his UPG. Changing the file permissions to allow group write access can be annoying. So, he changes his umask to 002 to keep from doing so. A wise decision.
Are there any security holes in setting 002 system-wide? Not that I can see. UPGs initially only have one member in the group- the user that shares the same name. So, even if read, write and execute where set for the group permissions, unless anyone else is added to that group, it makes no difference, unless those same permissions were added to the ‘other’ rules. So, then why are we enforcing read-only on newly created files, when there is only 1 member in the group that has access to that file? It makes no sense. It completely defeats the purpose of UPGs.
Red Hat based distros, such as CentOS and SUSE have taken advantage of this, changing their default umask to 002. When will Debian, and Debian-based distros such as Ubuntu, follow suit? Can anyone give me a good reason why umask is set to 022 system-wide when the distro has implemented UPGs? I’d be interested to find out. Because as far as I can tell, this is a bug, and should be rightly filed as such.