From owner-freebsd-questions@FreeBSD.ORG Thu Aug 14 13:46:13 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 292F037B401 for ; Thu, 14 Aug 2003 13:46:13 -0700 (PDT) Received: from munk.nu (213-152-51-194.dsl.eclipse.net.uk [213.152.51.194]) by mx1.FreeBSD.org (Postfix) with ESMTP id 79E9543FD7 for ; Thu, 14 Aug 2003 13:46:12 -0700 (PDT) (envelope-from munk@munk.nu) Received: from munk by munk.nu with local (Exim 4.20) id 19nOz4-000NeH-U1 for questions@freebsd.org; Thu, 14 Aug 2003 21:46:10 +0100 Date: Thu, 14 Aug 2003 21:46:10 +0100 From: Jez Hancock To: questions@freebsd.org Message-ID: <20030814204610.GB86904@users.munk.nu> Mail-Followup-To: questions@freebsd.org References: <200308141542.40587.ajacoutot@lphp.org> <200308142025.18512.ajacoutot@lphp.org> <20030814191239.GA86904@users.munk.nu> <200308142137.49573.ajacoutot@lphp.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200308142137.49573.ajacoutot@lphp.org> User-Agent: Mutt/1.4.1i Sender: User Munk Subject: Re: umask X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Aug 2003 20:46:13 -0000 On Thu, Aug 14, 2003 at 09:37:46PM +0200, Antoine Jacoutot wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Thursday 14 August 2003 21:12, Jez Hancock wrote: > > Some applications require a less strict umask to install files correctly > > with the right permissions - quite often you aren't warned about this > > either and it can be a headache finding out which file perms are > > incorrect. > > Ah, OK... this is kind of a problem indeed. Yes I got burnt by setting my root umask to 077 and installing a raft of apps - real nightmare finding out which apps installed perms with dodgy perms. > Well, I don't know what to do anymore :) > Maybe setting an umask of 077 only for /usr/home (using fstab) would be a good > start ? The only gotcha there is with httpd access - if you decide to have apache read documentroot folders from under /usr/home then any files your users create in a shell won't be accessible by the www user by default. In the end I gave up and left the default umask alone, causes more problems than it solves in the 'prevention' vein. umask is perhaps more friendly when considering setting a lower umask to allow for users to create group rwx files by default. I've not used it that much tbh. :) -- Jez http://www.munk.nu/