Operating System - HP-UX

Procedure to set umask value?(at startup scripts)

 
SOLVED
K.Vijayaragavan.
Respected Contributor

Hi all,

I want to set my hpux umask setting to "027" at all run levels.

I can do it by editing the .profile and .dtprofile files and adding
a line "umask 027".

But I want to do this in other way to have more security.
I.e. I want to use the system startup scripts to do this.

I have executed the below mentioned script to create startup script
files to accomplish this task.
------------------------------------------
# umask 027
# echo "umask 027" > /sbin/init.d/umask.sh
# for d in /sbin/rc?.d
> do
> ln /sbin/init.d/umask.sh $d/S000umask.sh
> done
------------------------------------------
But after rebooting and logging in when I tried to see the current umask value,
I get "02" and umask -S says u=rwx,g=rwx,o=rx.

Any help or clue or alternate idea will be highly appreciated.

-K.Vijayaragavan
"Let us fine tune our knowledge together"
12 REPLIES
Steve Steel
Honored Contributor

Re: Procedure to set umask value?(at startup scripts)

Hi

See man rc

This script is called at the start of every runlevel and sets the default umask.

If you feel the need to do it you can change it there and it should be changed in every runlevel.


Remember to back up this system script before editing.


Steve steel
If you want truly to understand something, try to change it. (Kurt Lewin)

Re: Procedure to set umask value?(at startup scripts)

You need to change the value set in the script /sbin/rc

This will sort out most of your processes, but anything started by init will still have the existing umask...Notably your console getty, and therefore your login session at the console.

So I'd still set the umask in /etc/profile as well...

I am an HPE Employee
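
The behaviour described in the two replies above, as an added example that is not part of any poster's message: a script run as a child process (the way the boot sequencer runs its S* links) cannot change the umask of its caller, while a sourced file such as /etc/profile changes the login shell and everything it starts afterwards. The temporary directory and function names are constructed for the demonstration, and `mktemp -d` is assumed to behave as on Linux/BSD.

```shell
#!/bin/sh
# Added example with constructed paths: why a boot script holding only
# "umask 027" leaves later login sessions at their old umask.
demo_dir=$(mktemp -d)                         # assumption: Linux/BSD-style mktemp
trap 'rm -rf "$demo_dir"' EXIT
printf 'umask 027\n' > "$demo_dir/umask.sh"   # same content as the thread's script

# Caller's umask after running the script as a child process
# (how the rc sequencer runs each S* link).
umask_after_exec() {
    ( umask 022; sh "$demo_dir/umask.sh"; umask )
}

# Caller's umask after sourcing the script
# (how a login shell reads /etc/profile).
umask_after_source() {
    ( umask 022; . "$demo_dir/umask.sh"; umask )
}

# umask seen by a process started after the sourcing shell changed its own.
umask_inherited_by_child() {
    ( umask 022; . "$demo_dir/umask.sh"; sh -c umask )
}

# Permission string of a new file created under the given umask.
mode_under() {
    ( umask "$1"; f="$demo_dir/new.$1"; rm -f "$f"; : > "$f"
      ls -l "$f" | cut -c1-10 )
}

echo "after exec'd script : $(umask_after_exec)"
echo "after sourced script: $(umask_after_source)"
echo "child of sourcing sh: $(umask_inherited_by_child)"
echo "new file, umask 027 : $(mode_under 027)"
echo "new file, umask 002 : $(mode_under 002)"
```
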
federico_3
Honored Contributor

Re: Procedure to set umask value?(at startup scripts)

Usually the mask is set in /etc/profile


Federico
Justo Exposito
Esteemed Contributor

Re: Procedure to set umask value?(at startup scripts)

Hi,

If you have the appropriate privileges in the /etc/profile or .profile you must not have security problems, I think.

Regards,

Justo.
Help is a Beautiful word
Peter Kloetgen
Esteemed Contributor

Re: Procedure to set umask value?(at startup scripts)

Hi,

try the following command in /etc/profile:

umask u=rwx,g=rx,o=


this should set the desired permissions, whitespaces are not allowed, the fields have to be separated by ticks.

remember you have to logout and relogin to make the changes.

Always stay on the bright side of life!

Peter
I'm learning here as well as helping
K.Vijayaragavan.
Respected Contributor

Re: Procedure to set umask value?(at startup scripts)

Still I am getting the same output "02" for the command umask after making umask value 027 in "/sbin/rc" file.

I don't want to edit the .dtprofile or .profile or /etc/profile files as I want to have control on umask setting of the system at all times.

I have to restrict the access to execute umask command to root only if I go for editing the profile files.

But the reason why I am trying to look for alternative is I heard that if we depend only on .profile and .dtprofile files users may gain access to change the umask settings.
Is there any other way other than editing .profile, .dtprofile , .cshrc , .login
and /etc/profile and denying execute permissions to others for umask command?

-Vijay
"Let us fine tune our knowledge together"
harry d brown jr
Honored Contributor

Re: Procedure to set umask value?(at startup scripts)

K.Vijayaragavan,

Why do you think you have to restrict the use of umask? And why not put it in /etc/profile? It's not like users can change /etc/profile, because the permissions should be:

# ls -l /etc/profile
-r--r--r-- 1 bin bin 2478 Nov 13 13:50 /etc/profile


If you are concerned, for some reason, that users might change their umask, then keep them OUT of shells and in their applications! if a user changes their umask, it DOES NOT give them any special privileges, and it's NOT a security risk, other than the fact that they are in a shell!



live free or die
harry
Live Free or Die
Peter Kloetgen
Esteemed Contributor

Re: Procedure to set umask value?(at startup scripts)

Hi,

Did you try the command I described in my last posting in your start scripts?

Always stay on the bright side of life!

Peter
I'm learning here as well as helping
K.Vijayaragavan.
Respected Contributor

Re: Procedure to set umask value?(at startup scripts)

As I want to maintain umask value of 027 as per the security standard suggested by our organisation, I implemented it by editing profile files and securing profile files and umask command.

But I am not sure whether this much action is enough to maintain umask value to 027 at any time.

That's why I tried to know if anyone else is having different approach and view.

So if anyone else is having different approach please share with me!

Thanks to all!

Vijay
"Let us fine tune our knowledge together"
K.Vijayaragavan.
Respected Contributor

Re: Procedure to set umask value?(at startup scripts)

Hi peter,

I tried it already and I could not get the expected result as there is no difference between the commands

" umask u=rwx,g=rx,o="

&

"umask 027"

-Vijay.
"Let us fine tune our knowledge together"
harry d brown jr
Honored Contributor
Solution

Re: Procedure to set umask value?(at startup scripts)

If you are maintaining a security standard, then keep people in their applications and out of shells. The biggest internal security risk and data protection risk is when users are allowed access to shells. I used to write banking applications where no one in the bank, including their operators and management, were never allowed in unix shells (ouch double negative).

Your security procedure should state that ROOT and other "important users" (oracle, informix, etc...) should have a umask of 027. But for normal users it really doesn't matter too much.

live free or die
harry
Live Free or Die
Systeemingenieurs Infoc
Valued Contributor

Re: Procedure to set umask value?(at startup scripts)

At our company, it was decided that a .profile is not owned by a user. Instead we created an .own_profile (and that one is property of a user). This gives you the opportunity to create default .profile files with a 'umask 027' in it.

cat .profile
blabla

. ./.own_profile

blabla
umask 027

Of course, it is a problem that any person can change his own .profile (since he owns his homedir, the file permissions are meaningless). What I had in mind was to overwrite all .profiles every night. This should discourage the smart guys from modifying their .profile


hein coulier
A Life ? Cool ! Where can I download one of those from ?
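
A static check for the .profile layout described in the last post, as an added example that is not part of the thread: it reports whether the final umask in a profile is 027 and whether any file is still sourced after it. The function name `check_profile` and the three sample profiles are constructed for illustration; the check reads only top-level lines and does not follow sourced files or conditionals.

```shell
#!/bin/sh
# Added example (hypothetical helper, constructed samples): audit a profile
# that is expected to source the user's .own_profile and then end with
# "umask 027", as in the layout shown in the post above.
check_profile() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }                  # skip comments, blanks
        $1 == "umask"            { mask = $2; mask_line = NR }
        $1 == "." || $1 == "source" { src_line = NR }      # latest sourced file
        END {
            # 027, 0027 and the symbolic form from the thread are equivalent
            good = (mask == "027" || mask == "0027" || mask == "u=rwx,g=rx,o=")
            if (mask == "")                print "no umask set"
            else if (!good)                print "umask is " mask
            else if (src_line > mask_line) print "file sourced after umask"
            else                           print "ok"
        }' "$1"
}

work=$(mktemp -d)                      # assumption: Linux/BSD-style mktemp
trap 'rm -rf "$work"' EXIT

# Constructed sample 1: the layout from the post (source first, umask last).
printf '%s\n' '# site default' '. ./.own_profile' 'umask 027' > "$work/good"
# Constructed sample 2: the user file is sourced after the umask is set,
# so whatever it contains has the last word.
printf '%s\n' 'umask 027' '. ./.own_profile' > "$work/late_source"
# Constructed sample 3: a weaker mask than the standard asks for.
printf '%s\n' '. ./.own_profile' 'umask 022' > "$work/weak"

for f in good late_source weak; do
    echo "$f: $(check_profile "$work/$f")"
done
```
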