Bugtraq mailing list archives
Changing default UMASK for all daemons
From: dkelson () INCONNECT COM (Dax Kelson)
Date: Fri, 13 Jun 1997 23:50:18 -0600
This is applicable regarding files created by syslog, ftpd, etc. Dax Kelson Internet Connect, Inc. This is from the Solaris 2.x FAQ: http://www.wins.uva.nl/pub/solaris/solaris2/ 3.48) How can I prevent daemons from creating mode 666 files? By default, all daemons inherit the umask 0 from init. This is most problematic for a service like ftp, which in a standard configuration leaves all uploaded files with mode 666. To get daemons to use another umask execute the following commands in /bin/sh and reboot: umask 022 # make sure umask.sh gets created with the proper mode echo "umask 022" > /etc/init.d/umask.sh for d in /etc/rc?.d do ln /etc/init.d/umask.sh $d/S00umask.sh done Note: the trailing ".sh" of the scriptname is important, if you don't specify it, the script will will be executed in a sub-shell, not in the main shell that executes all other scripts.
Current thread:
- Re: Bug in SGI's /cgi-bin/handler, (continued)
- Re: Bug in SGI's /cgi-bin/handler Yaron Yanay (Jun 15)
- sendmail 8.8.6 released Eric Allman (Jun 14)
- Re: Netscape Exploit Roger Espel Llima (Jun 14)
- Re: Netscape Exploit Micah Brandon (Jun 14)
- Re: Netscape Exploit Manoj Kasichainula (Jun 15)
- rshd gives away usernames David Holland (Jun 13)
- Re: rshd gives away usernames Erik Troan (Jun 13)
- Re: rshd gives away usernames Eric (Jun 13)
- Re: rshd gives away usernames Todd C. Miller (Jun 13)
- Re: rshd gives away usernames Alan Brown (Jun 14)
- Changing default UMASK for all daemons Dax Kelson (Jun 13)
- Re: Changing default UMASK for all daemons Joe Traister (Jun 14)
- Re: Changing default UMASK for all daemons Michael Helm (Jun 14)
- Re: Changing default UMASK for all daemons Tomasz R. Surmacz (Jun 16)
- Re: rshd gives away usernames Christophe Kalt (Jun 14)
- Netscape update on their web site Robert Watson (Jun 13)
- Re: Netscape update on their web site Manoj Kasichainula (Jun 13)
- Netscape Exploit... with technical details. Rusty Conover (Jun 13)
- Security Bulletins Digest Aleph One (Jun 13)