[H-GEN] Global UMASK on Debian

Greg Black gjb at gbch.net
Thu Nov 10 20:28:23 EST 2005


On 2005-11-11, Robert Webb wrote:

> I am trying to set the default UMASK for all users on a Debian system by
> adding
> 
> UMASK            002 to /etc/logon.defs
> 
> This doesn't seem to have any effect, the users still get 022.

I don't use Debian and the Debian Project does not provide
useful online documentation[1], so it's difficult for me to
check this directly.  However, there are obvious and simple
steps that one might take in this kind of situation.

For instance, one might identify all the startup files that the
shells involved might run, and put a simple line in them:

    echo "foo: umask = `umask`"

This will work for both sh and csh type shells and will show you
whether the file was run and what the value of the umask is at
that point.  (Obviously, you replace "foo" above with the full
pathname of the file so you know where the message came from.)

This will show you what files are run and whether anything got
changed along the way.

I don't know about the syntax of logon.defs (which I thought was
called login.defs), but UMASK looks wrong (in that it's normally
spelled umask), so you might need to check that.  And you might
need to see if there's a compiled version of the file -- e.g.,
the equivalent file under FreeBSD is /etc/login.conf, but any
changes to that file are ignored; you have to compile it to a
capability database file with "cap_mkdb /etc/login.conf" for the
changes to take effect.

> I have also tried setting it in each users .bash_profile which has no effect
> either.

I don't believe there was "no effect".  Either the users did not
have bash as their login shell (meaning that this file was not
run), or your syntax was incorrect (meaning that you should have
seen an error message of some kind), or the "umask 02" command
was run and took effect.

In the case of bash, which I'm going to assume is the login
shell in use from the context above, you need to read the manual
carefully, in particular this bit:

    When bash is invoked as an interactive login shell, or as a
    non-interactive shell with the --login option, it first
    reads and executes commands from the file /etc/profile, if
    that file exists.  After reading that file, it looks for
    ~/.bash_profile, ~/.bash_login, and ~/.profile, in that
    order, and reads and executes commands from the first one
    that exists and is readable.  The --noprofile option may be
    used when the shell is started to inhibit this behavior.

Note the word "first" in there.  In other words, start with
/etc/profile and then look at the first one of the other three
that you can find.

I always create a new dummy user to test this stuff, as that
means I'm sure there are no hidden and/or forgotten factors
getting in the way and that the user has a clean default
environment.  Then I make a change, log out and log back in and
see how it went.  When I have things clear, I can apply that
knowledge to the real users.

The thing is to ensure the umask is set as required at login.
From there, all child processes will inherit it and there will
be no need to play with it after that.

Greg

----------
[1] Yes, that was a swipe at Debian.  Online documentation is
    the norm for open source projects these days and should be
    regarded as essential.  For an example of good online doco,
    see the FreeBSD Project at <http://www.FreeBSD.org/>.  In
    particular, they provide man pages for historic BSD versions
    (and several other systems as well), in a nice interface at
    <http://www.freebsd.org/cgi/man.cgi>.  (Of course, the man
    pages for the current releases are there too.)
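
The following is an added example, not part of the original message: a POSIX shell sketch of the lookup order in the bash manual passage quoted above, reporting which startup files a login shell would read for a given home directory and where a umask line sits in a file that is never reached. The function names, the regular expression for umask lines and the demo directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original message).

# Print the files a bash login shell reads: the system profile if it exists,
# then only the FIRST existing, readable one of the three personal files.
# $1 = home directory; $2 = system profile (default /etc/profile).
login_startup_files() {
    home=$1
    etc_profile=${2:-/etc/profile}
    [ -e "$etc_profile" ] && printf '%s\n' "$etc_profile"
    for f in .bash_profile .bash_login .profile; do
        if [ -f "$home/$f" ] && [ -r "$home/$f" ]; then
            printf '%s\n' "$home/$f"
            break   # bash stops here; later files are never read
        fi
    done
    return 0
}

# Show "file:line:text" for every umask command in the files that are read,
# and flag personal files whose umask line bash will never reach.
audit_umask() {
    home=$1
    login_startup_files "$home" "${2:-/etc/profile}" |
    while IFS= read -r f; do
        grep -n '^[[:space:]]*umask' "$f" /dev/null || echo "$f: no umask line"
    done
    # /nonexistent is a placeholder so only the personal file is returned.
    first=$(login_startup_files "$home" /nonexistent)
    for f in .bash_profile .bash_login .profile; do
        p=$home/$f
        [ -f "$p" ] && [ "$p" != "$first" ] &&
            grep -q '^[[:space:]]*umask' "$p" 2>/dev/null &&
            echo "IGNORED: $p sets umask but a login shell never reads it"
    done
    return 0
}

# Constructed demo: .bash_profile exists, so the umask in .profile is skipped.
demo() {
    d=$(mktemp -d) || return 1
    printf 'export EDITOR=vi\n' > "$d/.bash_profile"
    printf 'umask 002\n' > "$d/.profile"
    audit_umask "$d" "$d/no-system-profile"
    rm -rf "$d"
}
demo
```

The script only inspects the files named in the manual passage; it does not follow files that those files source in turn.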



