On 18/07/2024 00:01, Greg Wooledge wrote:
On Wed, Jul 17, 2024 at 17:58:57 +0100, Tim Woodall wrote:
No, I'm talking about sudo, not su. I'm not a sudo user so I can't test
but my understanding is that root inherits the umask of the invoking
user (or it used to)
Looks like this is still true.
hobbit:~$ umask 077
[...]
hobbit:~$ sudo bash -c umask
0077
Partially it is the same issue as with su when pam_umask.so is missed in
common-session. When it is present, the value from login.defs is
respected for "sudo -i". However I am in doubts if it is proper
behavior. For administrative tasks 022 is more reasonable default even
if something else is configured for regular users.
sudoers(5) describes "umask_override" and "umask" settings. It seems
changing default umask requires modification of these preferences.
