jez.hancock at munk.nu
Thu Aug 14 13:46:13 PDT 2003
On Thu, Aug 14, 2003 at 09:37:46PM +0200, Antoine Jacoutot wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> On Thursday 14 August 2003 21:12, Jez Hancock wrote:
> > Some applications require a less strict umask to install files correctly
> > with the right permissions - quite often you aren't warned about this
> > either and it can be a headache finding out which file perms are
> > incorrect.
> Ah, OK... this is kind of a problem indeed.
Yes I got burnt by setting my root umask to 077 and installing a raft of
apps - real nightmare finding out which apps installed perms with dodgy
> Well, I don't know what to do anymore :)
> Maybe setting an umask of 077 only for /usr/home (using fstab) would be a good
> start ?
The only gotcha there is with httpd access - if you decide to have apache
read documentroot folders from under /usr/home then any files your users
create in a shell won't be accessible by the www user by default.
In the end I gave up and left the default umask alone, causes more
problems than it solves in the 'prevention' vein. umask is perhaps more
friendly when considering setting a lower umask to allow for users to
create group rwx files by default. I've not used it that much tbh. :)
More information about the freebsd-questions