Comments on: Default Umask In Debian

By: Stefan

Stefan — Thu, 19 Jun 2008 23:50:46 +0000

It highly depends on the usecase which umask might be the right. For a shared hosting environment where everybody should only see hir files by default I would prefer 027.

By: pr0le

pr0le — Sat, 24 Nov 2007 01:42:53 +0000

I’m with you on this one… this is one of those gotcha’s I’ve found moving from RHEL to Ubuntu.

By: cyn0n

cyn0n — Fri, 09 Nov 2007 00:18:53 +0000

you are totally forgetting that the user perms on that file are YOURS!!

meaning I can execute whatever I want as YOU….

sometimes I think reaching out to all you ‘normal’ people to use nix was a bad idea… whatever… there is just education to be had

By: Robvdl

Robvdl — Sat, 27 Oct 2007 10:01:48 +0000

After reading Ubuntu Demon’s post, I just realised you can change the default umask in /etc/profile, so I guess that has just answered my question above. Nice.

By: Robvdl

Robvdl — Sat, 27 Oct 2007 09:51:24 +0000

I was just wondering. Quite a few times I have wanted to setup a shared EXT3 partition that multiple users could write to, so long I add them to the same group. However, every new file or folder a user creates on this partition, it always sets the group permissions to “read only” by default. I can’t have people right clicking every newly created file and folder and changing the group permisions to read+write manually. So in the end, after not being able to find a way around it, I usually end up using an NTFS partition as a workaround. This has frustrated me a bit, because I don’t really want to use a non-UNIX filesystem such as NTFS just to work around this problem.

I was wondering, if what you are talking about here, with the system wide umask, is what is causing this? i.e. that every newly created file or folder, the group permisions are set to “read only”.

By: djankeet » Blog Archive » Default Umask In Debian

djankeet » Blog Archive » Default Umask In Debian — Thu, 25 Oct 2007 22:42:41 +0000

[...] more here [...]

By: Default umask « Ubuntu Demon’s blog

Default umask « Ubuntu Demon’s blog — Wed, 24 Oct 2007 22:55:09 +0000

[...] Filed under: english — ubuntudemon @ 10:55 pm This is a reaction to Aaron Toponce’s blog post about a better default for [...]

By: Scott Balneaves

Scott Balneaves — Wed, 24 Oct 2007 22:45:04 +0000

Nope, not a bug. Safe behavior:

sbalneav:x:1000:
atoponce:x:1001:
shared:x:2000:sbalneav,atoponce

sudo mkdir /home/shared
sudo chown nobody:shared /home/shared
sudo chmod 770 /home/shared

cd /home/shared
date > YouCanReadThisButNotWriteWhichIsTheSafeDefault

I’d say the safe, read only group behavior is the preferred one.

Scott

By: Aaron

Aaron — Wed, 24 Oct 2007 21:05:43 +0000

@troll- Uh, I mentioned that there are better ways for controlling who has access to files, and that I wouldn’t be covering them, such as FACLs. However, that still doesn’t answer the question of why umask is set to 022 and not 002. Thus, supporting my belief that no one can give me a suitable answer to why this is the case.

@Mike- Frustrating, isn’t it? However, even root has it’s on UPG, so it can also benefit from 002.

By: Mike

Mike — Wed, 24 Oct 2007 21:02:53 +0000

As far as I know, setting a default umask of 002 is current best practice. Debian and Ubuntu are my favorite distros–didn’t know they didn’t do this.

(root might be an exception that would want 022.)

By: Christian » Default Umask In Debian

Christian » Default Umask In Debian — Wed, 24 Oct 2007 19:58:13 +0000

[...] aaron wrote an interesting post today onHere’s a quick excerptIf the user was ‘aaron’, then he also had an ‘aaron’ UPG. Same went with ‘tom’, ‘jane’ and ’spot’– each user having their own private group with themselves being the only member of that group. So, the question follows: is the umask 022 … [...]

By: troll

troll — Wed, 24 Oct 2007 19:57:44 +0000

Modern operating systems use ACLs. Yawn. Moot rant is moot.