/etc/rc.config sets umask to 022
I just noticed that the /etc/rc.config script sets the umask to 022 (SuSE 6.3). It does not seem to be something which can be changed with yast, even when editing rc.config with yast directly. Considering that all system daemons get started with this umask, isn't that a rather bad choice? For example I don't want apache log files to be user-readable. Each time the log files get rotated and apache restarted, the logs would be created with permissions 644. Are there any daemons which create files and not explicitly set the permissions to user-readable if necessary? If not then there's no reason to run all of them with 022. Volker
I just noticed that the /etc/rc.config script sets the umask to 022 (SuSE 6.3). It does not seem to be something which can be changed with yast, even when editing rc.config with yast directly. Considering that all system daemons get started with this umask, isn't that a rather bad choice? For example I don't want apache log files to be user-readable. Each time the log files get rotated and apache restarted, the logs would be created with permissions 644. Are there any daemons which create files and not explicitly set the permissions to user-readable if necessary? If not then there's no reason to run all of them with 022.
Volker
Setting the umask to 077 will cause you trouble on any unix (-like) system. Better close directories that contain privacy-critical files. Roman. -- _ _ | Roman Drahtmüller "Freedom means that you can choose | CC University of Freiburg what you want to learn at a given | email: draht@uni-freiburg.de time." A. Becker, 1999 | - - People often find it easier to be a result of the past than a cause of the future.
participants (2)
-
Roman Drahtmueller -
Volker Kuhlmann