Solved

PAM and UMASK

Posted on 2009-06-30
8
717 Views
Last Modified: 2013-12-16
Dear Experts,

I am trying to set umask globally by editing

/etc/pam.d/common-session

and adding the line

session optional pam_umask.so umask-077

after restarting, if i create a file, its permissions are

-rw-r--r--

they should be -rwx------

why is this happening?
0
Comment
Question by:narmi2
  • 5
  • 3
8 Comments
 
LVL 7

Expert Comment

by:martin_2110
ID: 24748638
Maybe 0077?
session optional pam_umask.so umask=0077

have you tried putting it in /etc/pam.d/login instead also.
0
 
LVL 1

Author Comment

by:narmi2
ID: 24748683
I thought if I use pam to set umask, I will only have to set it in one place.
0
 
LVL 1

Author Comment

by:narmi2
ID: 24748928
OK, I got it working, but because my user folder was created before umask was set, everyone can still view the contents.  While everyone else has files and folders set to umask 077.  How do I change the permissions of my home files and folders?
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 
LVL 7

Expert Comment

by:martin_2110
ID: 24749051
Sorry nevermind /etc/pam.d/common-session is the correct place to put it.

I found a small how to.
http://muzso.hu/2008/01/22/default-permissions-with-libpam-umask

==SNIP==
This will set the default umask globally, whether you log in through a shell (telnet, ssh, ...) or some other means. However don't forget to remove the umask lines from all the other places (login.defs and the various shell config files)!
==SNIP==

Maybe you need to remove or comment out the lines in /etc/login.defs. /etc/profile ~./profile
0
 
LVL 7

Accepted Solution

by:
martin_2110 earned 500 total points
ID: 24749062
chmod go-rwx /home/users
0
 
LVL 7

Expert Comment

by:martin_2110
ID: 24749068
that will remove perms on your home dir so that only your account can access it.
0
 
LVL 1

Author Comment

by:narmi2
ID: 24749313
Is chmod go-rwx /home/user/ recursive?

0
 
LVL 7

Expert Comment

by:martin_2110
ID: 24750662
no but i was not sure if you wanted to wipe out all your perms on the directories. chmod -R go-rwx /home/user is recursive.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you use Debian 6 Squeeze and you are tired of looking at the childish graphical GDM login screen that is used by default, here's an easy way to change it. If you've already tried to change it you've probably discovered that none of the old met…
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question