Debian umask 默认为 0077

Debian umask 默认为 0077

我之所以注意到这一点,是因为安装时tree注意到了/usr/bin/mandb: can't search directory /usr/local/man/man1/: Permission denied。我检查/usr/local/man/man1并确认它被设置为限制性0700权限。我正在运行 Debian 11 Bullseye。所有用户都受到影响并默认使用0077umask,但没有一个常用文件将其设置为该值。我检查了

  • /etc/profile
  • /etc/bash.bashrc
  • 用户.profile.bashrc
  • 我也搜索过,umask.*77但没有任何结果

这似乎是我系统上的 Debian 默认设置,但它显然会破坏一些东西。我如何恢复0022Debian 文档中提到的默认设置?

任何帮助表示感谢

答案1

默认的“umask”设置在 中/etc/login.defs。请参阅man 5 login.defs了解其说明。

在我的机器上它看起来像这样:

❯ grep -A16 '^# UMASK' /etc/login.defs
# UMASK is the default umask value for pam_umask and is used by
# useradd and newusers to set the mode of the new home directories.
# 022 is the "historical" value in Debian for UMASK
# 027, or even 077, could be considered better for privacy
# There is no One True Answer here : each sysadmin must make up his/her
# mind.
#
# If USERGROUPS_ENAB is set to "yes", that will modify this UMASK default value
# for private user groups, i. e. the uid is the same as gid, and username is
# the same as the primary group name: for these, the user permissions will be
# used as group permissions, e. g. 022 will become 002.
#
# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
#
ERASECHAR       0177
KILLCHAR        025
UMASK           022

如果不是这个问题,您应该检查登录服务的 PAM 配置,例如控制台上的“login”或 SSH 的“sshd”,这些配置在目录中进行配置/etc/pam.d/。不要忘记检查“common-*”文件,前者默认包含这些文件!

相关内容