How to set umask for entire Gnome session
Hi. I want my personal files inaccessible from unprivileged other
accounts. I have already executed the following commands with ~ as
working directory:

find . \( -path ./Public -o -type l \) -prune -o -exec chmod o= {} +
chmod -c o+x .

I now want to change my user's umask from 022 to 027, so new files and
directories will also be secure. I have tried adding to ~/.profile the
line

umask 027

and rebooting but it did not work. I tested by, in Emacs (launched from
Gnome), creating a new file in my Home and it did not respect the 027
umask.

So, how do I change my user's umask for the entire Gnome session?

Regards

--
- Many people hate injustice but few check the facts; this causes more
injustice. Ask me about <https://stallmansupport.org>
- Please adopt free/libre formats like PDF, Org, LaTeX, ODF, Opus, WebM and 7z.
- Libre apps for AOSP (Replicant, LineageOS etc.) and Android: F-Droid
- https://www.gnu.org/philosophy/free-sw.html "What is free software?"
Re: How to set umask for entire Gnome session
On Tue, 25 Apr 2023 15:30:37 -0300, Jorge P. de Morais Neto wrote:

> I now want to change my user's umask from 022 to 027, so new files and
> directories will also be secure. I have tried adding to ~/.profile the
> line
>
> umask 027

That sets the umask for the shell that runs the profile file, not for
your GNOME session.

>
> and rebooting but it did not work. I tested by, in Emacs (launched from
> Gnome), creating a new file in my Home and it did not respect the 027
> umask.
>
> So, how do I change my user's umask for the entire Gnome session?

Do you have a separate filesystem for /home? If so, the simplest option
is to set umask in its mount options in fstab. This will affect all
users, except root, and it won't affect files you write outside of $HOME.



--
Neil Bothwick

She's fine, upstanding, and wonderful laying down.
Re: How to set umask for entire Gnome session
Hello,

On [2023-04-25 Tue 20:15:18+0100], Neil Bothwick wrote:

> Do you have a separate filesystem for /home? If so, the simplest option
> is to set umask in its mount options in fstab. This will affect all
> users, except root, and it won't affect files you write outside of $HOME.

That is not documented in the mount manpage as a filesystem-independent
option; it only shows for specific filesystems, none of which I use.
Anyway, I use Btrfs and I have a separate subvolume for /home. I have
tried adding umask=077 (later umask=0077) as fstab option and invoking #

# mount -o remount /home

but in both cases it errored out:

mount: /home: mount point not mounted or bad option.
dmesg(1) may have more information after failed mount system call.

dmesg says:

BTRFS error (device nvme0n1p7: state M): unrecognized mount option 'umask=077'

Regards

--
- Many people hate injustice but few check the facts; this causes more
injustice. Ask me about <https://stallmansupport.org>
- I am Brazilian. I hope my English is correct and I welcome feedback.
- https://www.defectivebydesign.org
- https://www.gnu.org
Re: How to set umask for entire Gnome session
On Wed, 26 Apr 2023 21:56:23 -0300, Jorge P. de Morais Neto wrote:

> > Do you have a separate filesystem for /home? If so, the simplest
> > option is to set umask in its mount options in fstab. This will
> > affect all users, except root, and it won't affect files you write
> > outside of $HOME.
>
> That is not documented in the mount manpage as a filesystem-independent
> option; it only shows for specific filesystems, none of which I use.

That's because it is not filesystem-independent.

> Anyway, I use Btrfs and I have a separate subvolume for /home. I have
> tried adding umask=077 (later umask=0077) as fstab option and invoking #
>
> # mount -o remount /home
>
> but in both cases it errored out:

Because btrfs does not have that option.

> mount: /home: mount point not mounted or bad option.
> dmesg(1) may have more information after failed mount system
> call.
>
> dmesg says:
>
> BTRFS error (device nvme0n1p7: state M): unrecognized mount option
> 'umask=077'

As it says.

I think ACLs may be a better fit for your needs.


--
Neil Bothwick

Synonym: a word you use when you can't spell the other one.
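
Added example, not written by either poster: three shell checks for the setup discussed in this thread, showing which umask a desktop-launched process really has, what modes a given umask produces, and which paths under a home directory still grant access to "other". The function names are hypothetical; it assumes GNU find and stat, and a Linux kernel (4.7 or later) that reports Umask in /proc/PID/status.

```sh
#!/bin/sh
# Added example: verification helpers for the umask / "chmod o=" setup above.

# Print the umask a running process actually has, e.g. an Emacs started from
# the desktop session:  proc_umask "$(pgrep -n emacs)"
# A value of 0022 there means the "umask 027" line in ~/.profile was not
# inherited by the session that launched the program.
proc_umask() {
    awk '/^Umask:/ { print $2 }' "/proc/$1/status"
}

# Print the octal modes a new file and a new directory receive under the
# given umask, as "FILEMODE DIRMODE". Runs in a subshell, so the caller's
# own umask is left untouched.
new_modes() (
    tmp=$(mktemp -d) || exit 1
    umask "$1"
    : > "$tmp/f"
    mkdir "$tmp/d"
    modes=$(stat -c '%a' "$tmp/f" "$tmp/d")
    rm -rf "$tmp"
    echo $modes        # unquoted on purpose: joins the two lines with a space
)

# List paths below DIR that still grant any permission to "other".
# ./Public and symlinks are skipped, matching the find/chmod command in the
# first post; DIR itself is skipped because that post sets o+x on it.
audit_other() (
    cd "$1" || exit 1
    find . -mindepth 1 \( -path ./Public -o -type l \) -prune \
        -o -perm /007 -print | sort
)

# Demonstration: modes produced by the old and the desired umask.
echo "umask 022 -> $(new_modes 022)"
echo "umask 027 -> $(new_modes 027)"
```

Running `audit_other "$HOME"` after the chmod pass should print nothing; any path it lists later was created by a process that did not have the restrictive umask.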