{"id":87,"date":"2011-10-18T21:39:39","date_gmt":"2011-10-18T19:39:39","guid":{"rendered":"https:\/\/blogs.gentoo.org\/mgorny\/?p=87"},"modified":"2011-10-18T22:28:34","modified_gmt":"2011-10-18T20:28:34","slug":"027-umask-a-compromise-between-security-and-simplicity","status":"publish","type":"post","link":"https:\/\/blogs.gentoo.org\/mgorny\/2011\/10\/18\/027-umask-a-compromise-between-security-and-simplicity\/","title":{"rendered":"027 umask \u2014 a compromise between security and simplicity"},"content":{"rendered":"<p>Gentoo systems are shipped by default with <code>umask 022<\/code> set in <code>\/etc\/profile<\/code>. It is documented there as a <q>quite realistic<\/q> setting, in contrast to <code>umask 077<\/code> which would be <q>more secure<\/q>. I personally disagree with this opinion, saying that <code>022<\/code> is basically suitable only for 100% desktop, single user systems. For a more common case of desktops, I&#8217;d stick with <code>027<\/code> instead.<\/p>\n<h2>What is a umask?<\/h2>\n<p>Wikipedia seems to have <a rel=\"external\" href=\"http:\/\/en.wikipedia.org\/wiki\/Umask\">a pretty detailed explanation of umasks<\/a>. Keeping it short, umask is a per-session setting which decides what permissions are set on newly-created files. Or, to be more exact, which permissions are removed from those files by default.<\/p>\n<p>The <code>022<\/code> umask means that all users are allowed to read (and execute) files newly-created by the affected user but only the owner will be able to write to them. In contrast, <code>077<\/code> means that no one but the owner is able to read or execute newly-created files.<\/p>\n<p>As the umask setting often involves configuration files as well, setting <code>022<\/code> globally means that other users will be able to read private user configuration files. 
On the other hand, <code>077<\/code> means that creating files intended for public reuse will always require using <code>chmod<\/code> to re-adjust the permissions.<\/p>\n<h2>What would 027 change?<\/h2>\n<p>The <code>027<\/code> umask setting means that the owning group would be allowed to read the newly-created files as well. This moves the permission granting model a little further from dealing with permission bits and bases it on group ownership.<\/p>\n<p>First of all, we assume that each real user has his\/her own, private, default group. All newly-created files \u2014 including configuration files \u2014 belong to that group. Considering that the only member of the group is the user him-\/herself, the files are not readable by anyone else.<\/p>\n<p>Secondly, if some files are intended to be used by a specific group of users (and services), such a permission model can be easily achieved using auxiliary groups. For example, I keep the Portage tree owned by myself and the <code>portage<\/code> group. This way, I can perform <code>emerge --sync<\/code> using my restricted user and the resulting tree can be re-used by Portage when it drops privileges.<\/p>\n<p>The group model has an additional advantage here. If you set the <code>setgid<\/code> bit on a directory, all newly-created files inside it will automatically belong to the same group as the parent directory. In other words, after performing:<\/p>\n<pre lang=\"bash\">chown -R :portage \/usr\/portage\r\nfind \/usr\/portage -type d -exec chmod g+s {} +<\/pre>\n<p>all newly-created files inside <code>\/usr\/portage<\/code> will automatically become readable by the <code>portage<\/code> group.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Gentoo systems are shipped by default with umask 022 set in \/etc\/profile. It is documented there as a quite realistic setting, in contrast to umask 077 which would be more secure. 
I personally disagree with this opinion, saying that 022 is basically suitable only for 100% desktop, single user systems. For a more common case of &hellip; <a href=\"https:\/\/blogs.gentoo.org\/mgorny\/2011\/10\/18\/027-umask-a-compromise-between-security-and-simplicity\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;027 umask \u2014 a compromise between security and simplicity&#8221;<\/span><\/a><\/p>\n","protected":false},"author":137,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true},"categories":[3],"tags":[],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/blogs.gentoo.org\/mgorny\/wp-json\/wp\/v2\/posts\/87"}],"collection":[{"href":"https:\/\/blogs.gentoo.org\/mgorny\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.gentoo.org\/mgorny\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.gentoo.org\/mgorny\/wp-json\/wp\/v2\/users\/137"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.gentoo.org\/mgorny\/wp-json\/wp\/v2\/comments?post=87"}],"version-history":[{"count":7,"href":"https:\/\/blogs.gentoo.org\/mgorny\/wp-json\/wp\/v2\/posts\/87\/revisions"}],"predecessor-version":[{"id":93,"href":"https:\/\/blogs.gentoo.org\/mgorny\/wp-json\/wp\/v2\/posts\/87\/revisions\/93"}],"wp:attachment":[{"href":"https:\/\/blogs.gentoo.org\/mgorny\/wp-json\/wp\/v2\/media?parent=87"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.gentoo.org\/mgorny\/wp-json\/wp\/v2\/categories?post=87"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.gentoo.org\/mgorny\/wp-json\/wp\/v2\/tags?post=87"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}