umask
Joshua Oreman
oremanj at get-linux.org
Thu Aug 14 11:18:21 PDT 2003
On Thu, Aug 14, 2003 at 03:42:37PM +0200 or thereabouts, Antoine Jacoutot wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi !
>
> In my way to learn security under FreeBSD, I was wondering if a umask of "066"
> in login.conf was a good or bad idea ?
> Any thoughs ?
> I mean at first, I can't seem to find why this could be wrong, but I'm sure
> there's a reason why the default umask is set to 022.
066 will be *more* secure than 022.
This is because a umask is deducted from the default permission bits of 666 (or 777
for executables) on new files. So a umask of 022 will cause new files to have a mode
of 600 or 711.
Here are some good (and not-so-good) umasks, in order of least- to most-secure:
* 000 (666 or 777 -- PLEASE DO NOT USE)
* 022 (644 or 755 -- default)
* 027 (640 or 750 -- pretty good)
* 077 (600 or 700 -- most secure)
Usually people don't do umasks with a 6 because this can leave *only* executable bits
on some parts of the mode; this is not very useful.
-- Josh
>
> Thanks in advance.
>
> - --
> Antoine Jacoutot
> ajacoutot at lphp.org
> http://www.lphp.org
> PGP/GnuPG key: http://www.lphp.org/ressources/ajacoutot.asc
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.2 (FreeBSD)
>
> iD8DBQE/O5HQY3Hnhkr+5cQRArBzAJ0augtR1of8PZp4jES/0951LNtUZQCfQCjb
> go6GiRqK403T0rbU6fjhCdA=
> =pb9d
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
More information about the freebsd-questions
mailing list