Set Default umask for User in Linux

Posted on

In this article, there are descriptions given on how to set default umask for user exist in Linux operating system distribution. There are several ways on doing it depends on the situation or the requirement needed.

By the way, what is umask actually ?. It is one of the other generally known as a command exist in Linux operating system distribution . Well, based on Wikipedia, the definition of umask is “In computing, umask is a command that determines the settings of a mask that controls how file permissions are set for newly created files. It also may refer to a function that sets the mask, or it may refer to the mask itself, which is formally known as the file mode creation mask.” The definition of umask with detail and full description can be check in this link.

There are several ways on implementing umask based on the impact of the execution.

1. Temporary set umask just for temporary situation.
In case of certain need for a newly created file to have a different umask from the default umask assign to the file, just type the following command to change the default umask value to the new one. So, the newly created file will have a different umask from the default one. Below is the command’s pattern :

umask [umask_value]

First of all, check currently the default umask configured by typing ‘umask’ in the bash prompt :

[user@hostname ~]$ umask
0002
[user@hostname ~]$

To change it to another value, just type ‘umask [new_umask_value]’, as shown below :

[user@hostname ~]$ umask 0022

Check the umask value again to see whether the value of the umask has already changed :

[userhostname ~]$ umask
0022
[user@hostname ~]$ 

As it can be seen above, the value of the umask has changed. But the change of that value is temporary or not permanent. If the user logout the value will be reset back to the original default value.

2. Permanently set umask for certain user.

In order to permanently set umask for certain user without having to set whenever it is needed, the umask configuration can be configured by adding umask entry in the user profile’s configuration in /home/user/.bashrc or /home/user/.bash_profile

umask 0022

For an example in the following .bashrc :

# .bashrc
# Source global definitions
if [ -f /etc/bashrc ]; then
        . /etc/bashrc
fi

# Uncomment the following line if you don't like systemctl's auto-paging feature:
# export SYSTEMD_PAGER=

# User specific aliases and functions

umask 0022 

Or in the following .bash_profile :

# .bash_profile

# Get the aliases and functions
if [ -f ~/.bashrc ]; then
        . ~/.bashrc
fi

umask 0022

# User specific environment and startup programs

PATH=$PATH:$HOME/.local/bin:$HOME/bin

export PATH

The execution command to prove whether .bashrc or .bash_profile’s edit configuration is working is by logging out from the current session. And after that logging back in to the host, workstation or server which has already been configured.

user@localhost:~$ ssh remoteuser@xxx.xxx.xxx.xxx
remoteuser@xxx.xxx.xxx.xxx's password:
Last login: Wed Dec 21 17:26:09 2016 from xxx.xxx.xxx.xxx
[remoteuser@localhost ~]$ umask
0022
[remoteuser@localhost ~]$

3. Permanently set from the very beginning since the user created in the first time.

This is the other option considering the requirement stated where the user must have a default mask since the creation of the user itself. To be able to do that, ‘root’ or super user account is needed to edit /etc/profile file and inserting one entry which is ‘umask 0022’.  The content can be shown as follow :

# /etc/profile
# System wide environment and startup programs, for login setup
# Functions and aliases go in /etc/bashrc

# It's NOT a good idea to change this file unless you know what you
# are doing. It's much better to create a custom.sh shell script in
# /etc/profile.d/ to make custom changes to your environment, as this
# will prevent the need for merging in future updates.

pathmunge () {
case ":${PATH}:" in
*:"$1":*)
;;
*)
if [ "$2" = "after" ] ; then
PATH=$PATH:$1
else
PATH=$1:$PATH
fi
esac
}

if [ -x /usr/bin/id ]; then
if [ -z "$EUID" ]; then
# ksh workaround
EUID=`id -u`
UID=`id -ru`
fi
USER="`id -un`"
LOGNAME=$USER
MAIL="/var/spool/mail/$USER"
fi

# Path manipulation
if [ "$EUID" = "0" ]; then
pathmunge /usr/sbin
pathmunge /usr/local/sbin
else
pathmunge /usr/local/sbin after
pathmunge /usr/sbin after
fi

HOSTNAME=`/usr/bin/hostname 2>/dev/null`
HISTSIZE=1000
if [ "$HISTCONTROL" = "ignorespace" ] ; then
export HISTCONTROL=ignoreboth
else
export HISTCONTROL=ignoredups
fi

export PATH USER LOGNAME MAIL HOSTNAME HISTSIZE HISTCONTROL

# By default, we want umask to get set. This sets it for login shell
# Current threshold for system reserved uid/gids is 200
# You could check uidgid reservation validity in
# /usr/share/doc/setup-*/uidgid file
if [ $UID -gt 199 ] && [ "`id -gn`" = "`id -un`" ]; then
umask 002
else
umask 022
fi

for i in /etc/profile.d/*.sh ; do
if [ -r "$i" ]; then
if [ "${-#*i}" != "$-" ]; then
. "$i"
else
. "$i" >/dev/null
fi
fi
done

unset i
unset -f pathmunge

umask 0022

As shown in the above /etc/profile’s content, there is an additional entry in the last line adding ‘umask 0022’ so that every newly user created will have a default umask of ‘0022’.

The execution of creating a new user can be shown as follows :

Edited the /etc/profile’s file to add an additional line entry of ‘umask 0022’ as shown below :

[root@localhost ~]# vim /etc/profile

Add user and check the user’s umask by executing the following command and scenario :

[root@localhost ~]# useradd testuser
[root@localhost ~]# passwd testuser
Changing password for user testuser.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
[root@localhost ~]# su - testuser
[testuser@localhost ~]$ umask
0022
[testuser@localhost ~]$ exit

One thought on “Set Default umask for User in Linux

Leave a Reply