[sf-lug] root and umask value :-)
Rick Moen
rick at linuxmafia.com
Sun Jan 1 20:25:50 PST 2017
Quoting Michael Paoli (Michael.Paoli at cal.berkeley.edu):
> But :-) ... as far as an interactive root login session, fine to
> change/set it to something reasonable - as long as one remains
> sufficiently aware of it. And I'm *not* talking about putting it in
> ~root/.profile or the like.
My friend Richard Couture, from whom I learned much as a beginner Unix
admin, was of the opinion that it's actively undesirable to customise
the root environment in any way that would make it more convenient to
remain in, because doing so would increase the likelihood of you
remaining there. I.e., his implication was that you should seek to use
superuser authority to the minimum feasible extent, and that it's
highest and best use is making arrangements so you won't need it in the
future, e.g., setting ownership and permissions as requires so as to not
need it again.
Because, the worst threat on an ongoing basis to any Unix system is the
sysadmin wielding system authority -- almost as dangerous as a
programmer with a screwdriver. ;->
As part of that, I don't change the root user's umask at any time
because _when_ you are wielding superuser authority, it's extremely
useful for that user's shell behaviour to be predictable and consistent,
as anything that make it less so increases the danger.
Root-usr file operations require some chowning afterwards? Better that
tnan making the root user's environment non-standard, IMO. Same reason
to never fool with root's dotfiles, etc.
Works for Me.[tm]
More information about the sf-lug
mailing list