1834189 Members
2744 Online
110064 Solutions
New Discussion

system wide umask

 
SOLVED
Go to solution
jerry1
Super Advisor

system wide umask

I forgot how to set the system wide umask
from hp default of 00 to 022.

10 REPLIES 10
Sundar_7
Honored Contributor
Solution

Re: system wide umask

Set the umask in /etc/profile.
Learn What to do ,How to do and more importantly When to do ?
Sanjay_6
Honored Contributor

Re: system wide umask

Hi Jerry,

the global file should be /etc/profile.

The profile execution sequence is /etc/profile and then .profile(user's profile) (for ksh/bash/sh shell users)

You can define umask in /etc/profile, then that can be overridden in .profile.

You can put umask in .profile, but put the owner of .profile to root:root.

This way a user can not modify your seetings in .profile.

But note that a user familiar with umask can modify it at command prompt.

Hope this helps.

Regds
Doug Burton
Respected Contributor

Re: system wide umask

You can also try this in the /etc/profile. It locks down root a bit more than the users.

if [[ $(/usr/bin/id -u) -eq 0 ]]
then
umask 077
else
umask 022
fi

jerry1
Super Advisor

Re: system wide umask

That's why I forgot. It was to easy.

Thanks all.
jerry1
Super Advisor

Re: system wide umask

Well. We are all wrong.

I have no umask in /etc/profile or our system
wide custom /usr/local/etc/profile, etc...

I have commented out root's umask from .profile.
When I do a "remsh host1 umask" I get 022.

This is the only system that has the
umask set to 022 globally. All the others are 00.

I checked /sbin/rc and there is a umsak 022 on all the systems but they are still 00 globally. I also check /sbin/init.d/* and
they are all the same.
Where is 022 getting set on host1??

AMAT SA
Advisor

Re: system wide umask

what is the equivalnt of Solaris's /etc/default/init in HPUX, where in I can set the system level umask.
jerry1
Super Advisor

Re: system wide umask

As I understand it now. There are several
ways to set the umask but to set it as
a global default on that server we set
it in the HP-UX default files /etc/profile for sh,ksh and /etc/csh.login for csh.



jerry1
Super Advisor

Re: system wide umask

Oh, I forgot. You can also change it
in /sbin/init.d/inetd. inetd will then
have umask set for the services it provides.
Bill Hassell
Honored Contributor

Re: system wide umask

umask has been missing from /etc/profile forever. There is no equivalent file so you must put umask into /etc/profile. It is simply flat out wrong not to set umask for all logins. Put umask 022 in /etc/profile and also /etc/csh.login (and all other non-standard shells you may be using). it is one of the first security 'fixes' you have to do with new (and old) systems.


Bill Hassell, sysadmin
jerry1
Super Advisor

Re: system wide umask

umask, umask, who's gotta my umask?

See yah.