You can use an ACL (access control list) to set the default permissions for files in a directory.
From man 5 acl:
If a default ACL is associated with a directory, the mode parameter to
the functions creating file objects and the default ACL of the directory
are used to determine the ACL of the new object:
The new object inherits the default ACL of the containing directory
as its access ACL.
The access ACL entries corresponding to the file permission bits are
modified so that they contain no permissions that are not contained
in the permissions specified by the mode parameter.
To set it up (change device, directories, etc., accordingly):
Edit your /etc/fstab file and add the acl mount option.
/dev/mapper/star-home /home ext3 defaults,acl 0 2
Remount (Samba mount.cifs man page) your filesystem by rebooting or use:
mount -o remount,acl /home
Make sure you have the setfacl and getfacl utilities.
Set the default ACL on the directory (you may also need to set the ACL on existing files):
$ setfacl -m d:user:george:rwx,d:group:sales-g:rwx,d:group:marketing-g:rwx projections
See the linked tutorial for more information.
Source: Tutorial Part 1 and Part 2
Reference: POSIX Access Control Lists on Linux
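The acl(5) rule quoted in the answer above, modelled as an added example (not code from the original answer or from the kernel). It assumes the projections directory is mode 0755, so that setfacl fills in the base entries and mask shown; the file name is hypothetical. As umask(2) documents, when the directory has a default ACL the process umask is not consulted, which the last line contrasts.

```python
# Added example: a simplified model of the acl(5) inheritance rule, not kernel code.
PERM = {"r": 4, "w": 2, "x": 1}
OWNER, GROUP, MASK, OTHER = ("user", ""), ("group", ""), ("mask", ""), ("other", "")

def parse_acl(text):
    """Parse 'user::rwx,user:george:rwx,...' into {(tag, qualifier): bits}."""
    acl = {}
    for entry in text.split(","):
        tag, qualifier, perms = entry.strip().split(":")
        acl[(tag, qualifier)] = sum(PERM[c] for c in perms if c != "-")
    return acl

def fmt(bits):
    return "".join(c if bits & v else "-" for c, v in PERM.items())

def mode_without_default_acl(mode, umask):
    """No default ACL on the directory: the umask clips the requested mode."""
    return mode & ~umask & 0o777

def acl_with_default_acl(default_acl, mode):
    """Default ACL present: inherit it, then clip the three mode-bit entries."""
    acl = dict(default_acl)
    # The group bits of the mode map to the mask entry when one exists.
    group_class = MASK if MASK in acl else GROUP
    acl[OWNER] &= (mode >> 6) & 7
    acl[group_class] &= (mode >> 3) & 7
    acl[OTHER] &= mode & 7
    return acl

def effective(acl, key):
    """Everything except owner and other is limited by the mask entry."""
    if key in (OWNER, OTHER):
        return acl[key]
    return acl[key] & acl.get(MASK, 7)

# Constructed default ACL: the page's three named entries plus the base entries
# and mask that setfacl fills in, assuming the directory itself is mode 0755.
DEFAULT_ACL = parse_acl(
    "user::rwx,user:george:rwx,group::r-x,group:sales-g:rwx,"
    "group:marketing-g:rwx,mask::rwx,other::r-x"
)

if __name__ == "__main__":
    # e.g. touch projections/q3.txt (hypothetical file name), requested mode 0666
    new = acl_with_default_acl(DEFAULT_ACL, 0o666)
    for key in new:
        print(":".join(key), fmt(new[key]), "effective", fmt(effective(new, key)))
    print("same create with umask 077 and no default ACL:",
          oct(mode_without_default_acl(0o666, 0o077)))
```

The named entries keep rwx in the stored ACL, but the mask clipped to rw- is what limits them in practice, so check the effective column of getfacl output rather than the raw entries.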
If the services are started via Upstart or /etc/init.d, edit the appropriate initscripts.
- init.d: umask 02 at the top of script (they are ordinary sh scripts)
- Upstart: umask 02 anywhere
Linux does not have a strict definition of "login", and an account is merely an UID that can (or cannot) be associated with a name/homedir/etc.
When you log in on console/over SSH, the login program (or the SSH daemon) uses PAM to set up the environment (possibly pam_umask), then starts your shell with the "login" flag. The /etc/profile script belongs to the sh and bash shells, which only read it for "login" invocations.
When you use sudo touch ... or sudo /etc/init.d/foo start, sudo still calls PAM for auth/account/session setup, but does not start the shell at all, meaning all "profile" or "bashrc" files will be ignored. (That is, unless you use sudo -i ....)
When Upstart runs a service, it simply switches the UID to that of your service, skipping any "profile" scripts or PAM configuration. The only configuration that is read is the service's file in /etc/init, which is where you should put the umask setting.
Best Answer
What you want is the UMASK setting in the /etc/login.defs file.