umask and permissions: has umask 007 bad side effects?

browny_amiga · 03-16-2011, 08:39 PM

Hi,

My Debian system has by default umask permissions of 0022, which I never liked. One user can read all the files of another seems very insecure to me.

I am planing to set it to 007, so that user and group have rw but all others have none.

Are there any side effects to that? I have noticed from a trial I did where I was changing permissions on the filesystem that some system stuff in the OS does not work anymore, if "others" have no read permission anymore, so that is why I am asking.

And why are chmod / umask permissions sometimes stated as 4 digits? What is this "all" group in the end? Isn't that already covered by "others"?

Thanks,

Markus

SL00b · 03-17-2011, 03:35 PM

I'd say I think umask 0007 is a bad idea. You have system functions running as their own userids for a reason, to fence them off from root permissions because they could be exploited. For example, if you're running FTP, it's running as it's own userid, but it needs read access to some system files owned by root. If you solve that problem by adding that user to the root group, with umask 007, you've just given that userid full root access, and if someone successfully pops your FTP server, you handed them the keys to the kingdom. That's why 022 is the norm... even members of the root group can't overwrite root's files.

For your ordinary users, 0007 would also take away execute privileges for ordinary bash commands a user might execute, like cd, grep, man, etc. This would effectively render your system useless to them.

If there are certain files/directories you don't want world-readable, the best practice would be to do a chmod there to remove those permissions, and otherwise, let the umask do what it does.

As for why it's four digits and not three, that's because the leading digit covers sticky bit or setuid/setgid. If you omit the leading digit it's treated as a zero, so umask 022 = umask 0022.

beinvisible · 09-09-2011, 08:01 AM

The umask only affects the access rights of newly _created_ files. E.g. an editor saves a text file using rw-rw-rw- by default, but these privileges are masked with the user's umask when the system actually creates the file. 022 would mask it down to rw-r-r while 007 would mask it down to rw-rw----.

The umask does _not_ affect file _reads_.

Most Linux distributions use umask 022, but some also use 002 (which is useful if you have directories shared between users). E.g. RedHat uses 022 for uids <= 100 and 002 for uids > 100. Setting 007 for normal users should be perfectly safe (root will be more secure with 022 oder 027); it might only cause problems if it is used for system processes, that write files which should be world-readable.

Further reading: http://cyberciti.biz/tips/understand...lue-usage.html