On Thu, Oct 16, 2008 at 06:01:37AM -0600, Wayne Nichols wrote: > >> > >>Setting the root umask to 027 will break Solaris. Some files and > >>directories need to be world-writable. > > > >Yes, please don't set root's umask to 027, not 077. > > > >>> > > I am curious as to what will go wrong if root's umask is set to 027 or > 077. I've been running some minimized S10 TX boxes for some time now > with root's umask set to 077. I'm wondering what problems I might be > causing. > > Any insight?
The problems I've seen with umask (and PATH) prior to the advent of SMF were of this sort: % su - <setup root's umask, PATH to differ from normal> # ^D % su - Password: ******** # /etc/init.d/<somescript> stop # /etc/init.d/<somescript> start <now the daemon in question, if there is one, will be running with the wrong umask and PATH> I've seen issues like log files having the wrong permissions (mostly harmless), but also I've seen fairly disastrous things too (like HP printers that suddenly printed garbage instead of nice documents). Now that we have SMF fewer things will go wrong because the environment of whoever invokes svcadm(1M) will not affect the environment of any service. But let me ask you this: what does root do that needs such paranoia? Files that must not be world-readable are generally^Walways protected by means other than umask, so that can't be it. And root shouldn't be used much, and should not keep sensitive data other than what is needed to run the system (see previous sentence). So why does root's umask need to be set to anything other than 022? Nico --
