HPE Community
Operating System - HP-UX
1755653 Members
3318 Online
108837 Solutions
New Discussion юеВ

Re: Effect of umask 022 in /etc/profile

 
SOLVED
Go to solution
Ray Allen_1
Frequent Advisor

тАО08-12-2008 05:42 AM

тАО08-12-2008 05:42 AM

Effect of umask 022 in /etc/profile

Hi All,

I considering putting umask 022 in /etc/profile on all our unix servers. I just wanted get some feedback as to what problems this may cause to my users or applications before I put the entry in /etc/profile.

Thanks
0 Kudos
Reply
6 REPLIES 6
Tim Nelson
Honored Contributor

тАО08-12-2008 05:48 AM

тАО08-12-2008 05:48 AM

Solution

Re: Effect of umask 022 in /etc/profile

A file created by a user will default to 644 permissions.

e.g. the users group and others will not be able to write to the file.

This is a good place to set security. If your groups interact alot then set their individual to 002.

If privacy is a concern then set it globally to 026 or 027. This will default to no access for others.

Not knowing what your current setting is, how many users, what type if interaction they need the real answer is tough to say but the above should give you a place to start.

Reply
candlejack
Advisor

тАО08-12-2008 05:52 AM

тАО08-12-2008 05:52 AM

Re: Effect of umask 022 in /etc/profile

umask sets the default file permissions for a newly created file.

All new files carry a default permission (without umask) of 666 and all directories carry a default permission (without umask) of 777. The way it works is you subtract the umask number from the default permission without the umask to get the new permission.

So if your umask is 022, for files your default permission would be 644 and directories would be 755:

666 - 022 = 644
777 - 022 = 755
"The future starts today, not tomorrow." -Pope John Paul II
Reply
Steven E. Protter
Exalted Contributor

тАО08-12-2008 07:29 AM

тАО08-12-2008 07:29 AM

Re: Effect of umask 022 in /etc/profile

Shalom,

The effect will be to keep users out of each others files.

This is normally a good thing, but you may want to set umask differently if a group of users needs to collaborate on a project.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
Mike Shilladay
Esteemed Contributor

тАО08-12-2008 07:36 AM

тАО08-12-2008 07:36 AM

Re: Effect of umask 022 in /etc/profile

Hi Ray,

We have put the umask of 022 in /etc/profile for as long as I can remember. It is a good starting point. Better than nothing but could be tighter.

Mike.
Reply
Ray Allen_1
Frequent Advisor

тАО08-12-2008 11:52 AM

тАО08-12-2008 11:52 AM

Re: Effect of umask 022 in /etc/profile

Thanks all. I just needed to know what effect adding the umask in /etc/profile might have once I add it. Just trying to avoid everyone screaming at me.

Thanks again.
0 Kudos
Reply
Bill Hassell
Honored Contributor

тАО08-12-2008 05:30 PM

тАО08-12-2008 05:30 PM

Re: Effect of umask 022 in /etc/profile

Actually, it is a very bad idea to NOT have umask (which is the default for the last 20 years of HP-UX). Without umask set, the default is *ALL* new files and directories can be trashed by any user. If any user complains, send them off to a Unix security class so they understand what they will lose with 666 files and 777 directories. umask 022 is the minimum, and I usually set root's .profile with umask 077. That way, root must make a conscious decision to give away more open permissions when creating files and directories.


Bill Hassell, sysadmin
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.