[sf-lug] root and umask value :-)

Daniel Gimpelevich daniel at gimpelevich.san-francisco.ca.us
Sun Jan 1 18:32:32 PST 2017


On Sun, 2017-01-01 at 18:26 -0800, Michael Paoli wrote:
> I generally change the umask value to 077 - but then I'll use 022
> anytime I'm installing/removing/upgrading software, shutting down,
> etc., where I presume most of that software and logs will be
> sufficiently protected by 022 umask permissions, and anything that
> ought be more tightly protected is probably so protected by the
> applicable software itself or its configuration thereof. So, why do or
> would I typically do this? Mostly security - specifically prevention of
> accidental leakage of information. Not too infrequently I'll have to go
> through lots of data, some of which does or may contain information
> which shouldn't be world readable. A typical example, I'm tasked to
> investigate a yet unexplained anomaly that occurred around
> such-and-such time. I may open up a scratch vi(1) session - in
> temporary location - may well and often be /tmp or /var/tmp (typically
> invoking vi(1) without options). If I were to do that unthinkingly with
> umask 022, then that data - e.g. scratch/temporary vi(1) file, would be
> world readable - and I may well be pulling in data which should only be
> readable by root.

Would it not suffice to just cd into a 0700 directory before doing that?
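
The file modes discussed in this thread, as an added example that is not part of either poster's message: it creates a scratch file under umask 022 and under 077, then creates one under umask 022 inside a 0700 directory and moves it to a 0755 directory to show that the file's own mode bits travel with it. The function names and all paths are constructed for the example; `stat -c` assumes GNU coreutils, with a BSD fallback.

```shell
#!/bin/sh
# Added example: modes produced by umask 022 vs 077, and by a 0700 directory.
# Every path below is a throwaway temporary created by mktemp.

# Print the octal permission bits of a path (GNU stat, then BSD stat).
octal_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Print the mode a newly created file gets under the umask given as $1.
mode_under_umask() {
    d=$(mktemp -d) || return 1
    ( umask "$1"; : > "$d/scratch" )   # subshell keeps the caller's umask intact
    octal_mode "$d/scratch"
    rm -rf "$d"
}

# Create a file with umask 022 inside a 0700 directory, then move it into a
# 0755 directory. Prints: "<private dir mode> <file mode inside> <file mode after mv>".
private_dir_case() {
    priv=$(mktemp -d) || return 1      # mktemp -d creates the directory 0700
    pub=$(mktemp -d) || return 1
    chmod 755 "$pub"                   # stands in for any world-searchable location
    ( umask 022; : > "$priv/scratch" )
    dm=$(octal_mode "$priv")
    fm=$(octal_mode "$priv/scratch")   # 644: only the directory blocks other users
    mv "$priv/scratch" "$pub/scratch"
    am=$(octal_mode "$pub/scratch")    # still 644, now reachable by other users
    rm -rf "$priv" "$pub"
    echo "$dm $fm $am"
}

echo "umask 022 -> $(mode_under_umask 022)"
echo "umask 077 -> $(mode_under_umask 077)"
echo "0700 dir, umask 022, then mv -> $(private_dir_case)"
```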



