How to change umask mode permanently?
A simple man -k umask
should have led you to reading man pam_umask
, whish says, in part:
DESCRIPTION
pam_umask is a PAM module to set the file mode creation mask of the
current environment. The umask affects the default permissions assigned
to newly created files.
It also says,
The PAM module tries to get the umask value from the following places
in the following order:
· umask= argument
· umask= entry in the user's GECOS field
· UMASK= entry from /etc/default/login
· UMASK entry from /etc/login.defs (influenced by USERGROUPS_ENAB in
/etc/login.defs)
Thanks @waltinator for pointing me for the right direction.
From here I figured easy step how to set umask mode to 0027 just run in terminal:
sudo gedit /etc/login.defs
or with nano
which one you prefer.
search for the line:
Prefix these values with "0" to get octal, "0x" to get hexadecimal.
ERASECHAR 0177
KILLCHAR 025
UMASK 027
Edit the last line refering UMASK this will set umask to 0007 to take effect simply log out and log in back.
Make a notice on the lines above: If USERGROUPS_ENAB is set to "yes", that will modify this UMASK default value...used as group permissions, e. g. 022 will become 002
So for the umask 0027 to take effect roll down to the line:
USERGROUPS_ENAB yes
and change it to:
USERGROUPS_ENAB no
Done. After you logged out and log in back run in terminal umask
and it'll give you 0027
mode.
Now create a new file with touch
in terminal:
touch testfile
now check the permissions:
stat -c %a ~/testfile
It should give you 640
UPDATE
There's another simple way:
nano ~/.bashrc
add
#Set umask mode
umask 0027
Close and save, logout and login. Should work for you as well.
I was using JoKeR's answer above to achieve a system wide umask of 027 but I was conscious that when I used USERGROUPS_ENAB no
it required more group management. So I feel I have found a better answer, basically:
- Make sure that the pam-modules package is installed; that makes the pam_umask module available.
- Make sure that /etc/pam.d/common-session has a line of the form
so that pam_umask is enabled.session optional pam_umask.so
- According to the pam_umask man page, the default umask is determined at login by checking each of the following places, in order:
- A hard system-wide default set in /etc/pam.d/common-session. To set
it this way, replace the line from that file mentioned above with
this:
session optional pam_umask.so umask=027
- An entry in an individual user's GECOS field in /etc/passwd overrides a soft system-wide default for that specific user. Create that entry using a command of the form:
chfn --other='umask=027' username
- A line of the form
UMASK=027
in /etc/default/login (you may need to create that file) sets a soft system-wide default. - The UMASK value from /etc/login.defs. That value is also used for something else (computing the permissions on the home directory of a new user that is being created; see the comments in /etc/login.defs for more details). So it is best to avoid relying on this for setting the default umask for regular logins, to keep things separate.
- A hard system-wide default set in /etc/pam.d/common-session. To set
it this way, replace the line from that file mentioned above with
this:
So now for me I use the first option (system-wide default set in /etc/pam.d/common-session) and it's working really well.
Good luck my friends :)