Downsides of umask 077?

022 makes things convenient. 077 makes things less convenient, but depending on the circumstances and usage profile, it might not be any less convenient than having to use sudo.

I would argue that, like sudo, the actual, measurable security benefit you gain from this is negligible compared to the level of pain you inflict on yourself and your users. As a consultant, I have been scorned for my views on sudo and challenged to break numerous sudo setups, and I have yet to take more than 15 seconds to do so. Your call.

Knowing about umask is good, but it's just a single Corn Flake in the "complete breakfast". Maybe you should be asking yourself "Before I go mucking with default configs, the consistency of which will need to be maintained across installs, and which will need to be documented and justified to people who aren't dim-witted, what's this gonna buy me?"

Umask is also a bash built-in that is settable by individual users in their shell initialization files (~/.bash*), so you're not really able to easily enforce the umask. It's just a default. In other words, it's not buying you much.


The most obvious downside is when you start creating files/directories in a shared directory, expecting other users to access them.

Of course, it's only a matter of not forgetting to set the correct umask before doing stuff that needs to be shared by all users.

Another caveat (not really a downside, once you are aware of it) is when you start doing sudo stuff such as installing local programs, Ruby gems, Python eggs (not OS-managed packages, obviously), creating configuration files, and so on.

You will get into trouble, for the umask is inherited by the sudo session, so only root will be able to access files/dirs you create. sudo can be configured to automatically set the umask the way you want: this question is covered on superuser.com.
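
The effects described in the answers above, as an added example that is not part of the original posts: the modes that 022 and 077 produce, the way a child process inherits the umask (a plain `sh -c` child stands in for a command started through sudo), and a relaxed umask scoped to one subshell for files meant to be shared. The function names are hypothetical and everything runs in throwaway temp directories.

```shell
#!/bin/sh
# Constructed demo; all files live in temporary directories that are removed.

# mode_of PATH -> permission string as printed by ls, e.g. "-rw-r--r--"
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# created_modes UMASK -> "<file mode> <dir mode>" for objects created under UMASK.
# The function body is a subshell, so the umask change never reaches the caller.
created_modes() (
    d=$(mktemp -d) || exit 1
    umask "$1"
    : > "$d/file"
    mkdir "$d/dir"
    echo "$(mode_of "$d/file") $(mode_of "$d/dir")"
    rm -rf "$d"
)

# inherited_mode UMASK -> mode of a file created by a child process.
# The child never calls umask; it inherits the parent's value, which is what
# happens to a command launched via sudo from a shell running with 077.
inherited_mode() (
    d=$(mktemp -d) || exit 1
    umask "$1"
    sh -c ': > "$1/file"' sh "$d"
    mode_of "$d/file"
    rm -rf "$d"
)

# scoped_modes -> "<shared mode> <private mode>": the session stays at 077 and
# only the one command that creates the shared file runs under 022.
scoped_modes() (
    d=$(mktemp -d) || exit 1
    umask 077
    ( umask 022; : > "$d/shared" )
    : > "$d/private"
    echo "$(mode_of "$d/shared") $(mode_of "$d/private")"
    rm -rf "$d"
)

echo "umask 022:          $(created_modes 022)"
echo "umask 077:          $(created_modes 077)"
echo "child under 077:    $(inherited_mode 077)"
echo "scoped 022 in 077:  $(scoped_modes)"
```

For the sudo case itself, sudoers(5) documents the `umask` and `umask_override` Defaults options.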