On Sat, Feb 26, 2000 at 01:01:53AM -0800, Mark Wagnon wrote: > Hi all, > > I changed my umask for root to 077. I'm not certain if that was > wise. I'm also not certain if it's the cause of my headache with my > attempt to install StarOffice.
I once changed root's umask to 077 (or maybe it was 027) and found it to be far more trouble then it was worth. this was before i had much experience with linux and as I became more experienced this umask became more annoying... when you look at a standard unix[y] system over 95% of all files/directories is world readable/executable. there really is not all that much that needs to be read protected so setting root's umask to 077 or similar will result in alot more use of chmod then a 022 umask will. also many people who suggest a 077 umask for root also suggest silly things like changing permissions on programs like lilo or adduser to 700, even though they have no setuid bits set. (any user can easily download binaries or source of these programs to regain access but it does them no more good then running the copies in /usr/sbin would as they don't have the underlying permissions those programs need to function) I am sure there are some cases where different umask's for root may be useful but i have found that 022 is most convenient. I just make sure i chmod files before adding sensitive information to them. for example lilo.conf chmod 600 before adding a password= line to it. > I do a net installation and am able to install as root, but I can't > install as a normal user. It turns out that the permissions on the > SO directories are whacked. I can't get into most of them as a > normal user. im not much familier with SO... one thing to consider if it was distributed as a tarball you should use the -p switch to tar at all times, this ensures that the embedded permissions are used instead of just masking against your current umask. (in some cases of bogus tar archives this is actually worse but not usually...) > Now I'm not sure if the problem is with the umask for root, or if > it's because I've left the /usr/local partition alone during my > flings with of flavors of Linux. The /usr/local and all subdirs > seemed to be owned by root.staff. I chown -R'd them to root.root, > and attempted to reinstall SO, but no luck. nah i always get rid that that root.staff thing too along with the group writability. it should not cause any problems. (that's a debianism there never seen that one other linux dists) > Anyway, all this ranting brings me to the point of this post: what's > the default umask for the root account? default on most systems ive seen is 022, IMO as long as it does not have any more then 1 zero its safe. but 022 is most convenient for everyone all around generally. -- Ethan Benson
