1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
|
documentation_complete: true
title: 'Ensure that Users Have Sensible Umask Values'
description: |-
The umask setting controls the default permissions
for the creation of new files.
With a default <tt>umask</tt> setting of 077, files and directories
created by users will not be readable by any other user on the
system. Users who wish to make specific files group- or
world-readable can accomplish this by using the chmod command.
Additionally, users can make all their files readable to their
group by default by setting a <tt>umask</tt> of 027 in their shell
configuration files. If default per-user groups exist (that is, if
every user has a default group whose name is the same as that
user's username and whose only member is the user), then it may
even be safe for users to select a <tt>umask</tt> of 007, making it very
easy to intentionally share files with groups of which the user is
a member.
<br /><br />
|
