Unmask Problems - Hoary 5.01

Michael R. Head burner at suppressingfire.org
Mon Jan 2 20:05:01 UTC 2006


OK, I just saw this in login.defs:

# UMASK usage is discouraged because it catches only some classes of user
# entries to system, in fact only those made through login(1), while setting
# umask in shell rc file will catch also logins through su, cron, ssh etc.
#
# At the same time, using shell rc to set umask won't catch entries which use
# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
# user and alike.
#
# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
# as the solution which catches all these cases on PAM-enabled systems.

I guess you want http://packages.ubuntu.com/breezy/admin/libpam-umask

And then you want to edit whichever files in /etc/pam.d/ (perhaps
'common-session') that you want to have umask set. Here's what the line
should look like:

session    optional     pam_umask.so umask=002


On Mon, 2006-01-02 at 13:40 -0600, Bobby Sanders wrote:
> On Mon, 2006-01-02 at 14:14 -0500, Michael R. Head wrote:
> > On Mon, 2006-01-02 at 12:53 -0600, Bobby Sanders wrote:
> > > I want my default unmask to be 002 for all the users on my small office
> > > system.  I have tried changing it in /etc/login.defs, i.e I changed the
> > > line;
> > > 
> > > UNMASK	022
> > > 
> > > to
> > > 
> > > UNMASK	002
> > > 
> > > rebooted, created a new file and the permissions were still -rw-r--r--
> > > 
> > > What am I missing?  I know this has worked on other *nixs in the
> > > past!  :(
> > 
> > Well, first of all, that should be UMASK, not UNMASK, second of all,
> 
> Thanks for pointing out my mispulling. :)
> 
> > that line is by default commented out, so maybe you have to uncomment
> > it.
> 
> >From my /etc/login.defs file:
> 
> "...
> # Prefix these values with "0" to get octal, "0x" to get hexadecimal.
> #
> ERASECHAR       0177
> KILLCHAR        025
> UMASK           022
> #ULIMIT         2097152
> 
> #
> # Password aging controls:
> ..."
> 
> When I change the 022 to 002.  Nothing happens.
> 
> >  Third of all, double check that you aren't setting a umask in
> > your .bash_profile or .bashrc or /etc/bash.bashrc.
> 
> Just checked them again.  No mention of umask there except
> for .bashrc_profile, which is commented out.  I tried uncommenting it
> and changing the 022 to 002.  Still no luck.  Perhaps I made a typo.
> I'll try it again.
> 
> Thanks,
> 
> Bobby
> 
> 
-- 
Michael R. Head <burner at suppressingfire.org>
GPG: http://www.suppressingfire.org/~burner/gpg.key.txt [0x4C9DA1D0]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20060102/50c7127e/attachment.pgp>


More information about the ubuntu-users mailing list