To clarify a bit more, umask is a per-process setting, having nothing to do with the file system itself. Rather, each process starts with the umask of its parent process (in your case, likely the shell). An application may change its own umask, and there are no restrictions on this. The umask is simply a mask that zero's portions of the default file creation modes (in open(), creat()).
You would need a special "shell" to prevent a user from changing their own shell process' umask, but it would also have to control which programs could be exec'd, etc. This gets into a more restrictive shell (like rsh, the restriced mode of the shell, not remote shell)..
Last edited by Mr. C.; 07-16-2008 at 06:30 PM.
|