HPE Community read-only access December 15, 2018
This is a maintenance upgrade. You will be able to read articles and posts, but not post or reply.
Hours:
Dec 15, 4:00 am to 10:00 am UTC
Dec 14, 10:00 pm CST to Dec 15, 4:00 am CST
Dec 14, 8:00 pm PST to Dec 15, 2:00 am PST
cancel
Showing results for 
Search instead for 
Did you mean: 

Umask parameter

 

Umask parameter

Dear All,
In my server, i have set umask 022 in /etc/profile. Now when i login to root, it shows umask 022. when i do su - prdadm, it shows me umask 022. but when i directly login to prdadm user, it shows me umask 077. I also set umask in .profile but no luck.
plz let me know, where i have to set umask, so that it remain 022 only for prdadm also.

Ankit
5 REPLIES
Basheer_2
Trusted Contributor

Re: Umask parameter

Hello Ankit,

grep umask ~prdadm/.profile

check if that .profile is calling other scripts like database start or application start.

do a grep on those scripts also.
Suraj K Sankari
Honored Contributor

Re: Umask parameter

Hi Ankit,

Check your .profile again see there is any script is running or not.

Suraj
Ganesan R
Honored Contributor

Re: Umask parameter

Hi Ankit,

Normally umask value will be sourced from /etc/profile unless user's profile will have it's own umask value.

Check the user's profile depends on his shell.
Best wishes,

Ganesh.
Bill Hassell
Honored Contributor

Re: Umask parameter

Using su - prdadm will be the same as a normal login -- unless you are using something strange like Xwindows rather than ssh or telnet. Verify that .profile is actually being run during your login with some debug statement like:

echo "starting .profile, umask=$(umask)"
...
echo "finished .profile, umask=$(umask)"


Bill Hassell, sysadmin
Matti_Kurkela
Honored Contributor

Re: Umask parameter

What's the shell of the prdadm user?
(i.e. what does "grep ^prdadm: /etc/passwd | cut -d : -f 7" report?)

If prdadm's shell is /usr/bin/csh, /usr/bin/tcsh or some other non-Bourne shell, it won't execute /etc/profile or ~/.profile - it runs its own login scripts instead. For csh and tcsh, the standard csh-style login scripts are /etc/csh.cshrc, /etc/csh.login and ~/.cshrc.

If prdadm's shell is e.g. csh and there is no umask command in csh-style login scripts at all, the session might inherit the umask from whatever is the parent process.

When you do "su - prdadm", the parent process is your session, which already has umask 022.

When you login directly to prdadm, the parent process is the network login service: sshd/telnetd/whatever. These are security-critical services, so they are usually hard-coded to set a very strict umask, like 077, unless configured otherwise. If necessary, the strict umask can then be relaxed in /etc/profile, /etc/csh.cshrc or equivalent.

MK
MK