sudo conflicts with umask 0077, what to do about it?


Post by GJones

Detailed here:

https://wiki.archlinux.org/index.php/Su ... sive_Umask

One workaround is to put

Defaults umask = 0022
Defaults umask_override

in sudoers. The problem is that this disables a security feature - the point of unioning the umasks is to prevent users from creating files with more open permissions than they're allowed. This is okay for full sudo access with password authentication, but I think it may open holes if you let your user run passwordless sudo commands.

Another thing you can do is set the umask in root's shell profile. This will only work when you invoke an interactive shell with sudo. OTOH you have to be careful about not doing things like 'sudo slapt-get -i ...'

The best solution IMO would be for the package manager to set umask to 0022 before installing anything. I'm not sure though if that would cause problems with some packages (or more likely SBO build scripts). umask 0022 should not mess anything up, but in reality who knows?

For now I'll probably use the sudoers workaround. It would be nice to figure out a more robust solution though.
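Added example, not part of GJones's post and not code from sudo or any package manager: a shell model of the rule discussed above, where sudo applies the union of the caller's umask and the sudoers umask unless umask_override is set, showing the modes new files and directories get in each case. The function names are hypothetical, the values 0077 and 0022 are the ones from the post, and with_umask sketches the "set umask 0022 for the install command only" idea.

```shell
#!/bin/sh
# Nothing here invokes sudo; it only models the umask arithmetic and shows
# the resulting permissions in a scratch directory.

# effective_umask USER_UMASK SUDOERS_UMASK OVERRIDE(0|1) -> 4-digit octal
# OVERRIDE=0: union (bitwise OR) of both masks, the behaviour without umask_override.
# OVERRIDE=1: the sudoers value alone, as with "Defaults umask_override".
effective_umask() {
    if [ "$3" -eq 1 ]; then
        printf '%04o\n' "$(( 0$2 ))"
    else
        printf '%04o\n' "$(( 0$1 | 0$2 ))"
    fi
}

# mode_under UMASK KIND(file|dir) -> mode string of a new object created under UMASK.
# The body is a subshell, so the caller's umask is left untouched.
mode_under() (
    tmp=$(mktemp -d) || exit 1
    umask "$1"
    if [ "$2" = dir ]; then mkdir "$tmp/x"; else : > "$tmp/x"; fi
    ls -ld "$tmp/x" | cut -c1-10
    rm -rf "$tmp"
)

# with_umask UMASK CMD... : run one command under a fixed umask, leaving the
# caller's umask alone (hypothetical wrapper for an install command).
with_umask() (
    umask "$1" || exit 1
    shift
    "$@"
)

user=0077     # restrictive umask of the invoking user
policy=0022   # value from "Defaults umask = 0022"
for ov in 0 1; do
    eff=$(effective_umask "$user" "$policy" "$ov")
    echo "umask_override=$ov effective=$eff" \
         "file=$(mode_under "$eff" file) dir=$(mode_under "$eff" dir)"
done
```

Without the override, the restrictive 0077 wins and anything the command creates is readable by its owner only; with it, the sudoers value replaces the caller's mask entirely, which is the trade-off the post describes.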