Home

Default permissions with libpam-umask

Tue, 2008.01.22 - 11:11 — müzso
The default file and directory permissions are usually set in two places (depends on what service you use to access the system):
  • /etc/login.defs
  • the default global config of your shell (usually /etc/profile on most systems, but depends on the number of shells set for users in /etc/passwd)
It can easily become a messy job to keep umask settings synchronized over all the possible config files. Here comes libpam-umask in the game. Smile

On Debian based systems you can install the libpam-umask package and add something like this to your /etc/pam.d/common-session file:
session optional pam_umask.so umask=022
This will set the default umask globally, whether you log in through a shell (telnet, ssh, ...) or some other means. However don't forget to remove the umask lines from all the other places (login.defs and the various shell config files)!

Comments

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
Thu, 2008.03.06 - 12:40 — protocols (not verified)

when I am trying to install

when I am trying to install it on Ubuntu (latest Hardy) it wants to remove my whole system:

The following packages will be REMOVED:
  adduser alacarte apparmor apparmor-utils apturl avahi-autoipd avahi-daemon
  base-files bash bluez-cups bluez-gnome bluez-utils brasero brltty brltty-x11
  bug-buddy compiz compiz-gnome console-setup consolekit contact-lookup-applet
  cron cups-pdf cupsys cupsys-bsd cupsys-client cupsys-driver-gutenprint dbus
  dbus-x11 deskbar-applet dhcdbd ekiga eog evince evolution
  evolution-data-server evolution-exchange evolution-plugins evolution-webcal
  f-spot fast-user-switch-applet file-roller foomatic-db-engine
  foomatic-db-hpijs foomatic-filters friendly-recovery fuse-utils gconf-editor
  gdebi gdm gedit gimp-gnomevfs gksu gnome-app-install gnome-applets
  gnome-control-center gnome-games gnome-media gnome-mount
  gnome-netstatus-applet gnome-orca gnome-panel gnome-pilot
  gnome-pilot-conduits gnome-power-manager gnome-screensaver gnome-session
  gnome-settings-daemon gnome-spell gnome-system-monitor gnome-terminal
  gnome-user-guide gnome-utils gnome-vfs-obexftp gnome-volume-manager gpass
  grub gstreamer0.10-gnomevfs gtkhtml3.14 gvfs-backends hal hal-cups-utils
  hpijs hplip hwdb-client-common hwdb-client-gnome initramfs-tools initscripts
  klogd libbonoboui2-0 libcamel1.2-11 libdeskbar-tracker libebook1.2-9
  libecal1.2-7 libedata-book1.2-2 libedata-cal1.2-6 libedataserverui1.2-8
  libeel2-2 libexchange-storage1.2-3 libgail-gnome-module libgnome-desktop-2
  libgnome-vfs2.0-cil libgnome-window-settings1 libgnome2-0 libgnome2-perl
  libgnome2-vfs-perl libgnome2.0-cil libgnomeui-0 libgnomevfs2-0
  libgnomevfs2-bin libgnomevfs2-extra libgphoto2-2 libgtkhtml2.0-cil
  libgtkhtml3.14-19 libgtkhtml3.8-15 libgweather0 liblpint-bonobo0 libmtp7
  libnss-mdns libpam-modules libpanel-applet2-0 libsane libtotem-plparser10
  linux-generic linux-image-2.6.24-11-generic linux-image-2.6.24-8-generic
  linux-image-generic linux-restricted-modules-2.6.24-11-generic
  linux-restricted-modules-2.6.24-8-generic linux-restricted-modules-generic
  linux-ubuntu-modules-2.6.24-11-generic linux-ubuntu-modules-2.6.24-8-generic
  login mlocate mousetweaks nautilus nautilus-cd-burner nautilus-sendto
  network-manager network-manager-gnome ntfs-3g openoffice.org-gnome
  openssh-client passwd pcmciautils policykit policykit-gnome ppp pppconfig
  pppoeconf pulseaudio pulseaudio-module-hal python-gnome2
  python-gnome2-desktop python-pyatspi rhythmbox samba-common seahorse
  smbclient software-properties-gtk sound-juicer ssh-askpass-gnome ssl-cert
  sudo sysklogd system-config-printer-gnome system-services tomboy totem
  totem-gstreamer totem-mozilla totem-plugins tracker tracker-search-tool
  truecrypt tsclient ubufox ubuntu-desktop ubuntu-docs ubuntu-minimal
  ubuntu-standard udev update-manager update-notifier upstart-compat-sysv
  usplash usplash-theme-ubuntu vino volumeid wvdial xsane yelp
The following NEW packages will be installed:
  libpam-umask

Thu, 2008.03.06 - 13:29 — müzso

Re: when I am trying to install

This seems very strange. Shock Try a simple apt-get check followed by an apt-get remove. If the former shows errors, then you've package dependency problems on your Ubuntu installation and you should fix them first. If the latter shows any packages to be removed, then it means you had some packages already marked to be removed and the installation of a new package (libpam-umask in this case) only triggered the removal of all the others' ... and it was not the root cause for it.

Btw. I'd not run any distro version that is still under testing (ie. not marked as stable even by the developers). Ubuntu's latest stable version used to be "experimental" enough in itself after the release. Smile I always wait a few months with the upgrade after the release of a new stable.

Thu, 2008.03.06 - 13:52 — protocols (not verified)

thanks for the quick reply.

thanks for the quick reply. indeed this is a problem of the current ubuntu hardy package.

Just wanted to make sure I got the right idea of libpam-umask Wink

Mon, 2008.08.18 - 11:31 — müzso

Re: when I am trying to install

Ok, now I got to use this in Hardy too. Smile Found the problem: libpam_umask is no longer necessary since the required module is now in the libpam-modules package.

Mon, 2010.01.18 - 13:15 — Neikius (not verified)

Why the heck

Why the heck is this not mentioned anywhere in debian docs? By a stroke of pure luck I found this and now it all works. Very few people know about this, sadly. Thank you, you just made my life a lot simpler!

Mon, 2010.01.18 - 16:47 — müzso

Re: Why the heck

That's the thing with linux ... you can do everything in at least a 100 ways. It's sometimes difficult to know all the solutions to a problem ... and even more difficult to pick the "best" (and there're a thousand definitions/algorithms for that one too Smile ).

Fri, 2010.08.06 - 04:37 — Michael (not verified)

Ubuntu 10.04

Hey, thanks for posting this info.

I referenced your post in one of my questions on serverfault.com
http://serverfault.com/questions/166176/ways-to-set-umask-on-ubuntu-for-daemon-processes/167661

I also elaborated there a bit for Ubunut 10.04.

Mon, 2015.12.07 - 15:27 — Liviu Balan (not verified)

Ubuntu Linux umask explained (video tutorial)

If you want learn about umask in order to check the current user value, set temporary and default value, octal and symbolic representation, computing octal value you can take a look at http://www.liviubalan.com/ubuntu-linux-umask-explained