HPE Community
Operating System - HP-UX
1848432 Members
6019 Online
104027 Solutions
New Discussion

Re: umask

 
Chakravarthi
Trusted Contributor

‎12-02-2002 05:28 AM

‎12-02-2002 05:28 AM

umask

Hi all,

My requirement is like this,

I set umask to 022 in /etc/profile, and this value should not be changed by any user. basically, the system values can be changed by users, but umask value should not change even the user has mentioned some other value in profile.

How to accomplish this

regards
chakri
0 Kudos
Reply
10 REPLIES 10
Ravi_8
Honored Contributor

‎12-02-2002 05:12 AM

‎12-02-2002 05:12 AM

Re: umask

Hi,

you can't.
users can override the umask value set by system using umask
never give up
0 Kudos
Reply
Jean-Louis Phelix
Honored Contributor

‎12-02-2002 05:30 AM

‎12-02-2002 05:30 AM

Re: umask

Hi,

It's really not possible. Even Pete's solution that I thought to be the only way to do it can't work (or at least it's quite harder) because umask is also a builtin command. So even after renaming /usr/bin/umask, I can still change it.

Regards.
It works for me (© Bill McNAMARA ...)
0 Kudos
Reply
Armin Feller
Honored Contributor

‎12-02-2002 05:31 AM

‎12-02-2002 05:31 AM

Re: umask

Hi,

perhaps you can set the umask in /etc/profile for all useres, so the user is not able to change this.

Regards,
Armin
0 Kudos
Reply
Chakravarthi
Trusted Contributor

‎12-02-2002 05:33 AM

‎12-02-2002 05:33 AM

Re: umask

User can change it at the command line or in his profile, because

first the system profile and then the user profile will get executed, so it'll override system parameters,

the user can change it anytime
0 Kudos
Reply
Pete Randall
Outstanding Contributor

‎12-02-2002 05:34 AM

‎12-02-2002 05:34 AM

Re: umask

Chakri,

Short of renaming or removing or changing the permissions on the actual umask command (or perhaps creating an alias for every user that would point to a dummy umask that actually does nothing), you really can't prevent them from using umask.

Pete

Pete
0 Kudos
Reply
Jean-Louis Phelix
Honored Contributor

‎12-02-2002 06:03 AM

‎12-02-2002 06:03 AM

Re: umask

Yeeeaaaah ... I gave my answer 5 minutes before reading Pete's one ... but I'm speaking about it ! Return to future ...
It works for me (© Bill McNAMARA ...)
0 Kudos
Reply
Chakravarthi
Trusted Contributor

‎12-02-2002 09:09 PM

‎12-02-2002 09:09 PM

Re: umask

or can i have a cronjob running on my machine which checks the umask every time for all the users, if any change happens it'll set it to the default umask which is set in /etc/profile
0 Kudos
Reply
Michael Tully
Honored Contributor

‎12-02-2002 09:52 PM

‎12-02-2002 09:52 PM

Re: umask

The biggest problem you face is where are you going to look to change a users umask. There are a number of places (~user/.profile, ~user/.login) and any little env file they happen to have laying around, and of course if they have shell access, it is a little bit hard stop unless you change the execute permissions for umask itself. I wouldn't do this, as there may be some exexcutable that could attempt to use 'umask' to create files.
Anyone for a Mutiny ?
0 Kudos
Reply
F. X. de Montgolfier
Valued Contributor

‎12-09-2002 06:57 AM

‎12-09-2002 06:57 AM

Re: umask

Hi,

I can think of one way to ensure that people who use umask know they shouldn't:

Alias umask to umask -S in the /etc/profile. This way, when somebody tries setting up an umask, he won't be able to.
Someone who _really_ wants to change his umask is able to, though; he just has to unalias umask...

It's not a very nice solution (root also has to unalias umask if he wants to use it), but it's the only one I can think of...

Cheers,

Fran??ois-Xavier
0 Kudos
Reply
Dietmar Konermann
Honored Contributor

‎12-09-2002 08:01 AM

‎12-09-2002 08:01 AM

Re: umask

As correctly noted before, umask(2) cannot be restricted (just the same is true for chmod(2), BTW). However, it may be a good idea to warn users if they own files that are world-writable.

You can easily get a file list with e.g.:

# find / ! -type l -perm -2 | xargs ls -ld

After some filtering it should be easy to send some mails using a conjob, etc.

Best regards...
Dietmar.
"Logic is the beginning of wisdom; not the end." -- Spock (Star Trek VI: The Undiscovered Country)
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.