First make sure the pam-modules package is installed. This makes the pam_umask module pam_umask . Then make sure /etc/pam.d/common-session has a line like
session optional pam_umask.so
so that pam_umask enabled.
Now, according to the pam_umask man page, by default, umask is detected at login, checking each of the following places to:
The hard drive set is set to /etc/pam.d/common-session by default. To set it this way, replace the line from the above file as follows:
session optional pam_umask.so umask=002
Entering a separate GECOS user field in /etc/passwd overrides the soft, system-wide default value for that particular user. Create this entry using the form command:
chfn --other='umask=002' username
The line of the form UMASK=002 in /etc/defaults/login (you may need to create this file) sets the soft system default value.
UMASK value from /etc/login.defs . This value is also used for something else (calculating permissions in the home directory of the new user that is being created, for more details see Comments in /etc/login.defs ). Therefore, it is better not to rely on this to set the default umask as default for regular logins, so that everything is in order.
So, in your case, you must configure this either in /etc/defaults/login if you want to be able to override the parameter for individual users or set it in /etc/pam.d/common-session , as described above, if you want it to be the same for all users.
Note that even with tough default settings, users can still override the default UMASK manually using the UMASK command on the command line or in the .profile script.
Also note that the traditional Unix way by default is to add the UMASK to /etc/profile , and this will also work. But this is not the recommended way to configure such things on Ubuntu, because it is difficult to manage the reliable use of scripts and graphical interfaces.
Yitz Mar 18 '15 at 11:00 2015-03-18 11:00
source share