1

I only noticed this because when I installed tree it noted /usr/bin/mandb: can't search directory /usr/local/man/man1/: Permission denied. I checked /usr/local/man/man1 and confirmed that it's set to a restrictive 0700 permission. I'm running Debian 11 Bullseye. All users are affected and default to a 0077 umask yet none of the common files set it to that value. I checked

  • /etc/profile
  • /etc/bash.bashrc
  • the user's .profile, .bashrc
  • I also grepped for umask.*77 but it didn't lead me anywhere

This seems to be a Debian default on my system but it's obviously breaking things. How do I get the default 0022 that's mentioned in the Debian docs back?

Any help appreciated

bankman22
  • 13
  • 4

1 Answers1

0

The default "umask" is set in /etc/login.defs. See man 5 login.defs for its description.

It looks like this on my machine here:

❯ grep -A16 '^# UMASK' /etc/login.defs
# UMASK is the default umask value for pam_umask and is used by
# useradd and newusers to set the mode of the new home directories.
# 022 is the "historical" value in Debian for UMASK
# 027, or even 077, could be considered better for privacy
# There is no One True Answer here : each sysadmin must make up his/her
# mind.
#
# If USERGROUPS_ENAB is set to "yes", that will modify this UMASK default value
# for private user groups, i. e. the uid is the same as gid, and username is
# the same as the primary group name: for these, the user permissions will be
# used as group permissions, e. g. 022 will become 002.
#
# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
#
ERASECHAR       0177
KILLCHAR        025
UMASK           022

If this is not the issue, you should check the PAM configuration for your login service, "login" on the console or "sshd" for SSH for example, which is configured in the /etc/pam.d/ directory. Don't forget to check the "common-*" files, too, the former ones include those bye default!

Alex Barton
  • 1
  • 2