The default file and directory permissions are usually set in two places (depends on what service you use to access the system):
/etc/login.defs
- the default global config of your shell (usually
/etc/profile
on most systems, but depends on the number of shells set for users in /etc/passwd
)
It can easily become a messy job to keep umask settings synchronized over all the possible config files. Here comes
libpam-umask
in the game.
On Debian based systems you can install the
libpam-umask
package and add something like this to your
/etc/pam.d/common-session
file:
session optional pam_umask.so umask=022
This will set the default umask globally, whether you log in through a shell (telnet, ssh, ...) or some other means. However don't forget to remove the
umask
lines from all the other places (
login.defs
and the various shell config files)!
Comments
when I am trying to install
The following packages will be REMOVED:
adduser alacarte apparmor apparmor-utils apturl avahi-autoipd avahi-daemon
base-files bash bluez-cups bluez-gnome bluez-utils brasero brltty brltty-x11
bug-buddy compiz compiz-gnome console-setup consolekit contact-lookup-applet
cron cups-pdf cupsys cupsys-bsd cupsys-client cupsys-driver-gutenprint dbus
dbus-x11 deskbar-applet dhcdbd ekiga eog evince evolution
evolution-data-server evolution-exchange evolution-plugins evolution-webcal
f-spot fast-user-switch-applet file-roller foomatic-db-engine
foomatic-db-hpijs foomatic-filters friendly-recovery fuse-utils gconf-editor
gdebi gdm gedit gimp-gnomevfs gksu gnome-app-install gnome-applets
gnome-control-center gnome-games gnome-media gnome-mount
gnome-netstatus-applet gnome-orca gnome-panel gnome-pilot
gnome-pilot-conduits gnome-power-manager gnome-screensaver gnome-session
gnome-settings-daemon gnome-spell gnome-system-monitor gnome-terminal
gnome-user-guide gnome-utils gnome-vfs-obexftp gnome-volume-manager gpass
grub gstreamer0.10-gnomevfs gtkhtml3.14 gvfs-backends hal hal-cups-utils
hpijs hplip hwdb-client-common hwdb-client-gnome initramfs-tools initscripts
klogd libbonoboui2-0 libcamel1.2-11 libdeskbar-tracker libebook1.2-9
libecal1.2-7 libedata-book1.2-2 libedata-cal1.2-6 libedataserverui1.2-8
libeel2-2 libexchange-storage1.2-3 libgail-gnome-module libgnome-desktop-2
libgnome-vfs2.0-cil libgnome-window-settings1 libgnome2-0 libgnome2-perl
libgnome2-vfs-perl libgnome2.0-cil libgnomeui-0 libgnomevfs2-0
libgnomevfs2-bin libgnomevfs2-extra libgphoto2-2 libgtkhtml2.0-cil
libgtkhtml3.14-19 libgtkhtml3.8-15 libgweather0 liblpint-bonobo0 libmtp7
libnss-mdns libpam-modules libpanel-applet2-0 libsane libtotem-plparser10
linux-generic linux-image-2.6.24-11-generic linux-image-2.6.24-8-generic
linux-image-generic linux-restricted-modules-2.6.24-11-generic
linux-restricted-modules-2.6.24-8-generic linux-restricted-modules-generic
linux-ubuntu-modules-2.6.24-11-generic linux-ubuntu-modules-2.6.24-8-generic
login mlocate mousetweaks nautilus nautilus-cd-burner nautilus-sendto
network-manager network-manager-gnome ntfs-3g openoffice.org-gnome
openssh-client passwd pcmciautils policykit policykit-gnome ppp pppconfig
pppoeconf pulseaudio pulseaudio-module-hal python-gnome2
python-gnome2-desktop python-pyatspi rhythmbox samba-common seahorse
smbclient software-properties-gtk sound-juicer ssh-askpass-gnome ssl-cert
sudo sysklogd system-config-printer-gnome system-services tomboy totem
totem-gstreamer totem-mozilla totem-plugins tracker tracker-search-tool
truecrypt tsclient ubufox ubuntu-desktop ubuntu-docs ubuntu-minimal
ubuntu-standard udev update-manager update-notifier upstart-compat-sysv
usplash usplash-theme-ubuntu vino volumeid wvdial xsane yelp
The following NEW packages will be installed:
libpam-umask
Re: when I am trying to install
apt-get check
followed by anapt-get remove
. If the former shows errors, then you've package dependency problems on your Ubuntu installation and you should fix them first. If the latter shows any packages to be removed, then it means you had some packages already marked to be removed and the installation of a new package (libpam-umask
in this case) only triggered the removal of all the others' ... and it was not the root cause for it.Btw. I'd not run any distro version that is still under testing (ie. not marked as stable even by the developers). Ubuntu's latest stable version used to be "experimental" enough in itself after the release. I always wait a few months with the upgrade after the release of a new stable.
thanks for the quick reply.
Just wanted to make sure I got the right idea of libpam-umask
Re: when I am trying to install
Why the heck
Re: Why the heck
Ubuntu 10.04
I referenced your post in one of my questions on serverfault.com
http://serverfault.com/questions/166176/ways-to-set-umask-on-ubuntu-for-daemon-processes/167661
I also elaborated there a bit for Ubunut 10.04.
Ubuntu Linux umask explained (video tutorial)