umask

Todd Zullinger tmz at pobox.com
Fri Mar 30 04:31:24 UTC 2007


Kanwar Ranbir Sandhu wrote:
> I tried what you suggested, and in a few other files in /etc/X11 and
> /etc/gdm, but nothing worked.  My custom umask was ignored each and
> every time.

I hadn't tested much when I replied so I was just going by what the
bug report said.  After playing with this it seems that there are
several umask bugs that you might be running into.  So perhaps you can
be more specific about what doesn't work (terminal, nautilus, other
gnome apps like gedit, etc.).

I created a test user and added a ~/.xsession that looked like this:

#!/bin/sh

umask 0027
exec /usr/bin/gnome-session

I set the perms on this to 700 and then logged in via gdm.  I created
a text file with gedit (Applications/Text Editor, in case you use that
menu as infrequently as I do :).  The saved text file had 0640 perms,
which would indicate that my umask got picked up.

However, opening a terminal (gnome-terminal to be specific) and typing
umask shows that the umask there was 0002.  So, I moved the umask 0027
from ~/.xsession to ~/.bash_profile and sourced that in ~/.xsession:

#!/bin/sh

. ~/.bash_profile
exec /usr/bin/gnome-session

I also opened the prefs for gnome-terminal and checked off the "Run
command as a login shell" on the Title and Command tab.  After logging
out and back in, the umask is 0027 in gnome terminal and with gedit.

The other main problem I found is with Nautilus.  There was a bug that
got fixed just recently (in gnome's svn, but not in the 2.16 release
as yet).  This bug caused Nautilus to ignore the umask.  You can check
out that bug for more details and a one line patch:

    http://bugzilla.gnome.org/show_bug.cgi?id=327249

> Guess I'll have to wait for a new Gnome in Fedora before this gets
> fixed.

Maybe, maybe not.  I only looked at the nautilus 2.16 version of the
file that was patched quickly, but it looks like it would probably be
fairly simple to add this patch to the nautilus srpm and rebuild it.

> BTW, that bug history is a joke.  It's been open for two years, and
> typical of Gnome devs, they were discussing if the user really cares
> to have such a feature.  Holy shit.

That's not how I read the comments from gdm maintainer Brian Cameron.
He rejected the proposed patches where the umask calls in gdm were
simply removed because the patcher didn't know if they were needed nor
did Brian (due to the code having been in gdm long before he picked it
up).

He simply suggested that since the bug had been open for so long
without anyone submitting any reasonable patch that it must not really
be a big problem for that many people.  And as he said, it certainly
seems that it is relatively straightforward to get the proper umask
set for the gnome session (nautilus & other app bugs notwithstanding).

I also think it's good that he didn't just accept patches which
removed the umask calls in gdm unless the impact on any files gdm
created during login was determined.  If stripping the umask calls
fixed one easily worked-around problem for users but opened a security
hole for everyone, that wouldn't be a good trade-off.

> Anyway, it's annoying as hell, so hopefully it's fixed soon.  I now
> have to figure out a work around.

I can imagine it is annoying.  Hopefully some of the things I
mentioned above may help a little.  And with RHEL5 out the door, it's
possible that nautilus maintainer and Red Hat employee Alexander
Larsson might have some time to add the patch to the 2.16 branch of
nautilus or apply the patch to the FC packages.  Might be worth
opening a bugzilla to ask.  (Even better if the bug report had the
patch for the srpm attached and confirmed that it fixed things. :)

-- 
Todd        OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
======================================================================
If Stupidity got us into this mess, then why can't it get us out?
    -- Will Rogers (1879-1935)
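
A way to verify the behaviour described in the message above, added here as an example and not part of the original post: it shows what mode a given umask produces, that the umask survives an exec as in the ~/.xsession script, and which umask a running process really has. The helper names are hypothetical; it assumes Linux with GNU stat, and a kernel of 4.7 or later for the Umask: field in /proc.

```shell
#!/bin/sh
# Added example (not from the original post). Helper names are hypothetical.
# Assumes Linux with GNU stat, as on Fedora.

# Print the octal mode of a file or directory created under umask $1.
# $2 is "file" or "dir". The function body is a subshell, so the
# caller's own umask is left untouched.
mode_under_umask() (
    umask "$1" || exit 1
    tmp=$(mktemp -d) || exit 1
    case "$2" in
        file) : > "$tmp/probe" ;;      # creation requests 0666
        dir)  mkdir "$tmp/probe" ;;    # creation requests 0777
        *)    rm -rf "$tmp"; exit 2 ;;
    esac
    mode=$(stat -c '%a' "$tmp/probe")
    rm -rf "$tmp"
    printf '%s\n' "$mode"
)

# Print the umask seen by a child exec'd after "umask $1", the same
# pattern as "umask 0027; exec /usr/bin/gnome-session" in ~/.xsession.
inherited_umask() (
    umask "$1" || exit 1
    exec sh -c 'umask'
)

# Print the umask of a running process, read from /proc/PID/status.
# $1 is a PID or "self". Fails if the kernel has no Umask: field (< 4.7).
# Example: proc_umask "$(pgrep -n gnome-terminal)"
proc_umask() {
    awk '$1 == "Umask:" { print $2; found = 1 } END { exit !found }' \
        "/proc/$1/status"
}

# Demo: the two umasks seen in the message (session vs. terminal).
for m in 0027 0002; do
    printf 'umask %s -> file %s, dir %s, child sees %s\n' "$m" \
        "$(mode_under_umask "$m" file)" "$(mode_under_umask "$m" dir)" \
        "$(inherited_umask "$m")"
done
printf 'this shell: %s\n' "$(proc_umask $$ 2>/dev/null || echo 'n/a')"
```
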
