Re: home directory permissions

From: Pete Nesbitt (pete_at_linux1.ca)
Date: 02/25/04

  • Next message: Pete Nesbitt: "Re: Custom Error Pages for Apache" 
    To: redhat-list@redhat.com
Date: Tue, 24 Feb 2004 19:09:39 -0800

    On February 24, 2004 10:27 am, Kieran Hood wrote:
    > I want to make it so that all new files created in a user's home
    > directories are only readable by the users who own them and their groups.
    > Is umask the best way to do this? Also where do I add the command so that
    > it is executed on startup? Thanks
    >
    > --
    > Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/

    Hi Kieran,
    yes, umask is the utility to change default file permissions for a user, but
    not specificly for their home dir.

    You can edit /etc/bashrc for global bash umask.
    Near the top you will find a section like:

    # by default, we want this to get set.
    # Even for non-interactive, non-login shells.
    if [ "`id -gn`" = "`id -un`" -a `id -u` -gt 99 ]; then
            umask 002
    else
            umask 022
    fi
    ---------------------------------------------
    The top one is for regular (non-system) accounts, although useradd starts at
    500 for regular users.

    If you changed "umask 002" to "umask 007" then all user created files and
    directories would be created as readable (and dir's exec-able) only by the
    user. Again, that would be set to the user, not just their home directory.
    The user can also use umask to change that setting.

    If you look at the default perms on the users home you should find only the
    owner can read or exec the home directory anyway, so in most cases, no
    changes should be needed. Also, the default user scheme in Red Hat will
    create a "user private" group, so each users primary group is the same as
    their userid.

    Hope that helps. 

    -- 
Pete Nesbitt, rhce
-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
  • Next message: Pete Nesbitt: "Re: Custom Error Pages for Apache"