Author: Robert Storey
Date:
To: dng
Subject: [DNG] Subject: Re: useradd defaults

>> I'm getting a bit uncomfortable about starting this thread, because upon
>> reflection, it seems that one consequence of setting the system-wide may
>> be that the 027 umask will end up having some system account creating a
>> file that should be world-readable or world-executable, but because of
>> the umask, it now would not be, and so would break stuff. My intent was
>> to protect data of one user from other users, which could be done by
>> making the change in .profile or even in the default .bashrc.
>>
>
> I was actually waiting for somebody to realise this before answering
> your email. In a "Universal OS" there is much more than the
> preferences of single specific users, or specific applications, or
> specific environments. There is the necessity to accommodate a huge
> number of different scenarios and use cases. In short, that's why you
> have the umask set by default to 022. Any user can change this
> behaviour to a more restrictive one, if they need so.

Yes indeed - permission errors are among the most common difficulties that
inexperienced users encounter when they first start with Linux. Long ago, I
tried setting my own umask to 077, thinking that it would enhance my
security. Didn't occur to me until later that it broke all the web pages I
created and uploaded to my site, since no one but me could read them. Once
I realized it, I was able to fix the problem with chmod, but it was easy
enough to forget to do that when creating a new page, and I eventually
decided the only sane solution was to go back to umask 022, which was the
default.

I ran into the above problem after I'd been using Linux for about five
years, and I understood the cause once somebody complained to me that he
couldn't read my site even though I still could. However, had I run into
this difficulty earlier in my Linux career, I probably would not have been
able to figure out the cause, and would have concluded that "Linux is no
good." So I favor keeping the default umask at 022, and let users tweak
their own .bashrc and .profile if they want more restrictive security.
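
An added example, not part of the original message: a shell sketch showing the file modes produced by the three umask values discussed in this thread, plus a check that lists content which other users cannot read before it is uploaded. The function names and the temporary directories are assumptions made for illustration, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added illustration; all paths are constructed temporary directories.

# mode_under_umask MASK
# Print the octal mode a newly created regular file receives under MASK.
mode_under_umask() (
    dir=$(mktemp -d) || exit 1
    ( umask "$1" && : > "$dir/page.html" )   # new files start from 666 & ~MASK
    stat -c '%a' "$dir/page.html"
    rm -rf "$dir"
)

# unreadable_by_others DIR
# List files lacking o+r and directories lacking o+rx under DIR,
# i.e. what a web server running as another user could not serve.
unreadable_by_others() {
    find "$1" \( -type f ! -perm -004 \) -o \( -type d ! -perm -005 \)
}

# publish_tree DIR
# Set explicit world-readable modes on one tree only, so a restrictive
# personal umask can stay in place for everything else.
publish_tree() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# Show the effect of the umask values mentioned in the thread.
for mask in 022 027 077; do
    echo "umask $mask -> new file mode $(mode_under_umask "$mask")"
done
```

Running `unreadable_by_others` on a site directory before each upload catches the forgotten `chmod` described above without changing the login umask.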