Umask

We notice that by default, files created by a new DreamHost user have UNIX permission 664 and directories have permission 775. This is because the umask is 002:

    $ umask
    0002
    $

Because all users in one account share the same UNIX group, this umask is useful: files and directories created by one user are writable by all other users in the account.

Unfortunately, we recently started noticing files and directories being created with UNIX permissions 644 and 755. Consequently, these files and directories were not writable by other users in the account.

After some investigation, we learned that when we log in with SSH, the umask is 002,

    % ssh -X foo@example.com
    $ umask
    0002
    $

but when we run commands with SSH without logging in, the umask is 022:

    % ssh -X foo@example.com umask
    0022
    %

This is because the umask is set in the default .bash_profile:

    $ cat .bash_profile
    # ~/.bash_profile: executed by bash(1) for login shells.

    umask 002
    PS1='[\h]$ '
    $

.bash_profile is executed by bash(1) for login shells, and .bashrc is executed by bash(1) for non-login shells.

To remedy the problem, so that files and directories created by both login and non-login shells are writable by all other users in the account, we moved the umask configuration from .bash_profile to .bashrc,

    $ cat .bashrc
    # ~/.bashrc: executed by bash(1) for non-login shells.

    umask 002
    $

and we replaced the default .bash_profile with the .bash_profile from /etc/skel/.bash_profile:

    $ cat .bash_profile
    # ~/.bash_profile: executed by bash(1) for login shells.
    # see /usr/share/doc/bash/examples/startup-files for examples.
    # the files are located in the bash-doc package.

    # the default umask is set in /etc/login.defs
    #umask 022

    # include .bashrc if it exists
    if [ -f ~/.bashrc ]; then
        . ~/.bashrc
    fi

    # set PATH so it includes user's private bin if it exists
    if [ -d ~/bin ] ; then
        PATH=~/bin:"${PATH}"
    fi
    $

This .bash_profile includes .bashrc if it exists.

Now the umask is 002 for login and non-login shells, and our files and directories are writable by all users in our account.
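
An added example (not part of the original page): this script reproduces the two permission sets described above under umask 002 and 022, then finds and repairs entries that lack group write, since changing the umask does not alter files that already exist. The function names and the temporary directory are constructed for the illustration, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: function names and the temp-dir layout are constructed.

# Create one file and one directory under the given umask, in a subshell so
# the caller's umask is untouched. Prints the resulting octal modes "file dir".
modes_under_umask() {
    mask=$1; base=$2
    (
        umask "$mask"
        touch "$base/file-$mask"
        mkdir "$base/dir-$mask"
        printf '%s %s\n' "$(stat -c %a "$base/file-$mask")" \
                         "$(stat -c %a "$base/dir-$mask")"
    )
}

# List files and directories below a tree that lack the group-write bit (020),
# i.e. the ones other users in the shared group cannot modify.
not_group_writable() {
    find "$1" -mindepth 1 \( -type f -o -type d \) ! -perm -020 | sort
}

# Add group write to exactly those entries; "other" bits are left alone.
repair_group_write() {
    find "$1" -mindepth 1 \( -type f -o -type d \) ! -perm -020 \
        -exec chmod g+w {} +
}

demo() {
    tmp=$(mktemp -d)
    echo "umask 002 -> $(modes_under_umask 002 "$tmp")"
    echo "umask 022 -> $(modes_under_umask 022 "$tmp")"
    echo "not group-writable:"
    not_group_writable "$tmp"
    repair_group_write "$tmp"
    echo "after repair: $(not_group_writable "$tmp" | wc -l) remaining"
    rm -rf "$tmp"
}
demo
```

Run `not_group_writable` against the shared directory first and review the list before calling `repair_group_write`, because some entries may have been made read-only for the group on purpose.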