4

I have run into many permissions problems installing packages in 16.04. I install them using sudo, but then normal users cannot read the files in the package.

So I ran a simple test: I created a directory using sudo in 14.04, and looked at the permissions:

sudo mkdir test_14_04
ls -ld test_14_04/ 
#returns: drwxr-xr-x 2 root root 4096 Jan  3 05:57 test_14_04/

Then I did the same thing in 16.04, but instead I get:

#returns: drwxr-x--- 2 root root 4096 Jan  3 06:00 test_16_04/

As you can see, the default permission is world read in 14.04 but not in 16.04. So this may be the problem with the sudo-installed package permissions.

How can I fix this?

PS:
My 16.04 Ubuntu version is:

Distributor ID: Ubuntu
Description:    Ubuntu 16.04.3 LTS
Release:        16.04
Codename:       xenial

and my 14.04 version is:

Distributor ID: Ubuntu
Description:    Ubuntu 14.04.5 LTS
Release:        14.04
Codename:       trusty
Yaron
  • 12,828
  • 7
  • 42
  • 55
kingaj
  • 143
  • 3

2 Answers2

6

The problem you are facing seems to be with the default value of root umask

The permissions which were created in the 14.04 version, are equal to umask of 0022 which should the be default root value from umask

# umask
0022

It seems like your default umask in the 16.04 is 0027, which can be checked by running in the root prompt:

umask

in order to change the default behavior, you'll need to check root start scripts (profile, login, etc) and find where this value was set, and to change it to be:

umask 0022

Instead of:

umask 0027

More info can be found in understanding linux umask value usage

Example:

root@ubuntu:~# umask
0022
root@ubuntu:~# mkdir /tmp/z123
root@ubuntu:~# ll -ld /tmp/z123
drwxr-xr-x 2 root root 4096 Jan  3 14:51 /tmp/z123/
root@ubuntu:~# umask 0027
root@ubuntu:~# umask
0027
root@ubuntu:~# mkdir /tmp/a123
root@ubuntu:~# ll -ld /tmp/a123
drwxr-x--- 2 root root 4096 Jan  3 14:54 /tmp/a123/
Yaron
  • 12,828
  • 7
  • 42
  • 55
  • This doesn't work for sudo. I added umask 0022 to /root/.bashrc, and this works for root, but it didn't affect the default file permissions for sudo. – kingaj Jan 03 '18 at 18:44
1

About your question:

Execute sudo visudo and add the following lines:

`Defaults umask=0022`
`Defaults umask_override`

umask_override (see the sudoers manpage):

If set, sudo will set the umask as specified by sudoers without modification. This makes it possible to specify a more permissive umask in sudoers than the user's own umask and matches historical behavior. If umask_override is not set, sudo will set the umask to be the union of the user's umask and what is specified in sudoers. This flag is off by default. If set, sudo will run the command in a pseudo-pty even if no I/O logging is being gone. A malicious program run under sudo could conceivably fork a background process that retains to the user's terminal device after the main program has finished executing. Use of this option will make that impossible. This flag is off by default.

Hope this helps, good luck!

galoget
  • 2,943
  • 2
  • 20
  • 24