Colin Watson wrote: > People creating new files in group-writeable locations should use 'umask > 2' first. If you have a one-group-per-user setup (as is standard on > Debian systems), then they can just set 'umask 2' all the time safely.
Colin's answer is, as always, right on target. But I wanted to add
some hints that perhaps would not be so obvious.
The default /etc/profile contains 'umask 022'. You probably want to
change that to the following instead.
umask 022
if [ "$(id -u)" -ge 1000 ]; then
umask 02
fi
Or possibly the more careful:
umask 022
if [ "$(id -u)" = "$(id -g)" -a "$(id -u)" -ge 1000 ]; then
umask 02
fi
Which tests that your group is really the same as your user id. In
which case we know that one-group-per-user is set up as standard. But
it catches it in the case that it changes. And that you are a user in
user space at or above 1000 and not a system user below that range.
Then in /etc/skel/.bash_profile you need to remove the umask setting
entirely. Or change it to 02. I recommend removing it entirely there
and letting the system /etc/profile control it when possible. Also
change the other dot files in the skeleton directory for other
shells. Or delete them if you don't use them.
Having done the above you are set up for new users that you add after
changing that line.
But previously added users have already gotten the old skeleton
bash_profile file in their home directory. You will need to handle
those users in some way. Probably by editing those files and deleting
the umask line from them. But being user files you need to tread
carefully. Many users take offense at the administrator touching user
files. And they may have already customized it.
Bob
pgp00000.pgp
Description: PGP signature
