2

I am new to UBUNTU

As per our security policies Umask value for each user must be as restrictive as possible:

• for “root”: at least 077.

• for other users: at least 027.

I have set umask as 0077 for root in root's .bashrc file.

It reflects perfectly ok for root

root@FR6-U-V-1115-227:~# umask
0077

But when I set umask for other users as 027 in /etc/login.defs and then login via any user example osadmin the umask comes as 0007 for that user.

Please suggest where I need to set umask as 027 for all other users except root.

# ssh osadmin@10.1.235.227
Last login: Thu Oct 15 06:21:53 2015 from 172.20.20.98
osadmin@FR6-U-V-1115-227:~$ umask
0007
osadmin@FR6-U-V-1115-227:~$

root@FR6-U-V-1115-227:~# cat /etc/os-release
NAME="Ubuntu"
VERSION="14.04.3 LTS, Trusty Tahr"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 14.04.3 LTS"
VERSION_ID="14.04"
HOME_URL="http://www.ubuntu.com/"
SUPPORT_URL="http://help.ubuntu.com/"
BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/"
terdon
  • 98,183
  • 15
  • 197
  • 293
Nidhi
  • 261
  • 1
  • 3
  • 10

1 Answers1

0

From the man page example of pam_umask 

man pam_umask

EXAMPLES
Add the following line to /etc/pam.d/login to set the user specific umask at login:
session optional pam_umask.so umask=0022

So in your case, use 0027 for the mask.

ubfan1
  • 17,041
  • 4
  • 39
  • 47
  • Do u mean if we edit /etc/pam.d/login with umask as 0027 this umask will be applicable for all the users on server except for root? Please suggest – Nidhi Oct 16 '15 at 09:55