>> I'm getting a bit uncomfortable about starting this thread, because upon
>> reflection, it seems that one consequence of setting the system-wide may
>> be that the 027 umask will end up having some system account creating a
>> file that should be world-readable or world-executable, but because of
>> the umask, it now would not be, and so would break stuff. My intent was
>> to protect data of one user from other users, which could be done by
>> making the change in .profile or even in the default .bashrc.
>>
>
> I was actually waiting for somebody to realise this before answering
> your email. In a "Universal OS" there is much more than the
> preferences of single specific users, or specific applications, or
> specific environments. There is the necessity to accommodate a huge
> number of different scenarios and use cases. In short, that's why you
> have the umask set by default to 022. Any user can change this
> behaviour to a more restrictive one, if they need so.

Yes indeed - permission errors are among the most common difficulties that inexperienced users encounter when they first start with Linux. Long ago, I tried setting my own umask to 077, thinking that it would enhance my security. Didn't occur to me until later that it broke all the web pages I created and uploaded to my site, since no one but me could read them. Once I realized it, I was able to fix the problem with chmod, but it was easy enough to forget to do that when creating a new page, and I eventually decided the only sane solution was to go back to umask 022, which was the default.

I ran into the above problem after I'd been using Linux for about five years, and I understood the cause once somebody complained to me that he couldn't read my site even though I still could. However, had I run into this difficulty earlier in my Linux career, I probably would not have been able to figure out the cause, and would have concluded that "Linux is no good."

So I favor keeping the default umask at 022, and let users tweak their own .bashrc and .profile if they want more restrictive security.

cheers,
Robert
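
The following is an added example, not part of the message above. It creates the same small page tree under umask 022, 027 and 077, lists what other users cannot read, and repairs it with chmod. The function names and the temporary paths are made up for the illustration.

```shell
#!/bin/sh
# Added illustration. All paths are constructed under a temporary directory.

# make_site UMASK DIR: create a small page tree under the given umask.
# The body is a subshell, so the caller's own umask is left unchanged.
make_site() (
    umask "$1"
    mkdir -p "$2/img"
    echo '<h1>hello</h1>' > "$2/index.html"
    echo 'constructed placeholder' > "$2/img/logo.png"
)

# unreadable_by_others DIR: print files without other-read and
# directories without other-read and other-execute (search).
unreadable_by_others() {
    find "$1" \( \( -type f ! -perm -004 \) -o \( -type d ! -perm -005 \) \) -print
}

# count_unreadable DIR: number of entries reported by the check above.
count_unreadable() {
    unreadable_by_others "$1" | wc -l | tr -d ' '
}

# open_to_others DIR: the chmod repair, applied to one tree only, so the
# restrictive umask can stay in place for everything else.
open_to_others() {
    find "$1" -type d -exec chmod o+rx {} +
    find "$1" -type f -exec chmod o+r {} +
}

demo=$(mktemp -d)
for m in 022 027 077; do
    make_site "$m" "$demo/site$m"
    echo "umask $m: $(count_unreadable "$demo/site$m") entries not readable by others"
done
open_to_others "$demo/site077"
echo "umask 077 after chmod: $(count_unreadable "$demo/site077") entries not readable by others"
rm -rf "$demo"
```

Running unreadable_by_others against a published directory before upload catches the forgotten chmod without changing the umask for the rest of the account.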