:: [DNG] Subject: Re: useradd default…
Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MRainer Weikusat at <-
M\Robert Storey at ->
Delete this message
Reply to this message
Author: Robert Storey
Date:  
To: dng
Subject: [DNG] Subject: Re: useradd defaults
>> I'm getting a bit uncomfortable about starting this thread, because upon
>> reflection, it seems that one consequence of setting the system-wide may
>> be that the 027 umask will end up having some system account creating a
>> file that should be world-readable or world-executable, but because of
>> the umask, it now would not be, and so would break stuff. My intent was
>> to protect data of one user from other users, which could be done by
>> making the change in .profile or even in the default .bashrc.
>>
>
> I was actually waiting for somebody to realise this before answering
> your email. In a "Universal OS" there is much more than the
> preferences of single specific users, or specific applications, or
> specific environments. There is the necessity to accommodate a huge
> number of different scenarios and use cases. In short, that's why you
> have the umask set by default to 022. Any user can change this
> behaviour to a more restrictive one, if they need so.

Yes indeed - permission errors are among the most common difficulties that
inexperienced users encounter when they first start with Linux. Long ago, I
tried setting my own umask to 077, thinking that it would enhance my
security. Didn't occur to me until later that it broke all the web pages I
created and uploaded to my site, since no one but me could read them. Once
I realized it, I was able to fix the problem with chmod, but it was easy
enough to forget to do that when creating a new page, and I eventually
decided the only sane solution was to go back to umask 022, which was the
default.

I ran into the above problem after I'd been using Linux for about five
years, and I understood the cause once somebody complained to me that he
couldn't read my site even though I still could. However, had I run into
this difficulty earlier in my Linux career, I probably would not have been
able to figure out the cause, and would have concluded that "Linux is no
good." So I favor keeping the default umask at 022, and let users tweak
their own .bashrc and .profile if they want more restrictive security.

cheers,
Robert
This message was posted to the following mailing lists:
dng
Mailing List Info | Nearby Messages		<-Re: [DNG] ...and when trolling went too far[DNG] Subject: Re: useradd defaults->

Donate to Dyne.org

dyne.org open discussions
administrated by dyne.org hackers		Lurker (version 2.3)