I am working in a lab where we are running Linux (Debian and Ubuntu). Usernames and group names are handled by NIS and yp. We have some common users that everybody has access to that run the experiments and then we each have our own users in addition there is a common group that we are all a member of.
How can I make such that all files and directories on the shared /home/
drive (NFS) is read/write(/executable) by user/group? Basically what I want is
chmod -R 664 /home chgrp -R commongroup /home
or equivalently umask 0002
.
But running the above commands only fixes the current files in the folders and umask only works for single users and has to be run every time a user logs in ie. in the .bashrc
file (and will this work for changes mode via gnome?). Is there a system wide command or setting that I could use to make sure that our commongroup has write access to the common files?
To change your umask during your current session only, simply run umask and type your desired value. For example, running umask 077 will give you read and write permissions for new files, and read, write and execute permissions for new folders.
umask 0022 would make the new mask 0644 (0666-0022=0644) meaning that group and others have read (no write or execute) permissions. The "extra" digit (the first number = 0), specifies that there are no special modes.
Both Debian and Ubuntu ship with pam_umask. This allows you to configure umask in /etc/login.defs
and have them apply system-wide, regardless of how a user logs in.
To enable it, you may need to add a line to /etc/pam.d/common-session
reading
session optional pam_umask.so
or it may already be enabled. Then edit /etc/login.defs
and change the UMASK
line to
UMASK 002
(the default is 022
).
Note that users may still override umask in their own ~/.profile
or ~/.bashrc
or similar, but (at least on new Debian and Ubuntu installations) there shouldn't be any overriding of umask in /etc/profile
or /etc/bash.bashrc
. (If there are, just remove them.)
First, make sure that the pam-modules
package is installed. That makes the pam_umask
module available. Then make sure that /etc/pam.d/common-session
has a line of the form
session optional pam_umask.so
so that pam_umask
is enabled.
Now, according to the pam_umask
man page, the default umask is determined at login by checking each of the following places, in order:
A hard system-wide default set in /etc/pam.d/common-session
. To set it this way, replace the line from that file mentioned above with this:
session optional pam_umask.so umask=002
An entry in an individual user's GECOS field in /etc/passwd
overrides a soft system-wide default for that specific user. Create that entry using a command of the form:
chfn --other='umask=002' username
An line of the form UMASK=002
in /etc/default/login
(you may need to create that file) sets a soft system-wide default.
The UMASK
value from /etc/login.defs
. That value is also used for something else (computing the permissions on the home directory of a new user that is being created; see the comments in /etc/login.defs
for more details). So it is best to avoid relying on this for setting the default umask for regular logins, to keep things separate.
So in your case, you should configure this either in /etc/default/login
if you want it to be possible to override the setting for individual users, or set it in /etc/pam.d/common-session
as described above if you want it to be the same for all users.
Note that even with the hard default setting, users can still override the default umask
manually by using the umask
command at the shell prompt or in their .profile
script.
Also note that the traditional Unix way to set this default is by adding a umask
command to /etc/profile
, and that would also still work. But it's not the recommended way to configure things like this on Ubuntu, because that is hard to manage reliably using scripts and GUIs.
Note, unfortunately this stopped working for any application which has been converted to launch via systemd --user
.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With