4

I want a separate umask for a directory or a user. How can I do this?

Edit: I am using Debian 6.

The reason why I want to do this is, I want all my SFTP users to create files with write on group. I am using a SFTP client to test to see if the umask is setting properly.

Gilles 'SO- stop being evil'
  • 829,060
Strawberry
  • 161

3 Answers3

6

For directories, what may work for you is using Extended ACLs and the masks, if you're on Linux.

You can have a separate umask for each user by putting the umask xxx command into their ~/.profile.

MikeyB
  • 1,309
  • 10
  • 16
  • Why might I be getting this error Operation not supported? setfacl -d -m m:002 /srv/www/domain.com/public_html/ – Strawberry Aug 09 '11 at 23:27
  • I was following this guide (http://www.debianhelp.co.uk/acl.htm) and I couldn't mount the /dev/hda6 because its not there. I am on a VPS. – Strawberry Aug 10 '11 at 00:05
  • /dev/hda6 is the device node in the example on that page… odds are your server is different. You need to add the 'acl' option to the appropriate mountpoint in /etc/fstab and remount it (mount -o remount,acl /dev/whatever /srv) – MikeyB Aug 10 '11 at 01:35
  • I don't know what I should be adding to the fstab, so I cannot implement this properly. Could you please help me? – Strawberry Aug 10 '11 at 05:20
1

You need this to set default permissions for a particular system group in a folder,right? Check this existing thread for the same question which covers this in detail.

Community
  • 1
SparX
  • 111
0

Update: Sorry, my solution doesn't meet your requirement. The following answer only solves the need from the user's side, not from the manager's side to force umask under specific dir for other users.

Provide anther solution implemented with shell hooks and direnv for specific directory. The following solution may be more compatible in case setfacl is not available on your system. (e.g. macOS)

direnv is an environment switcher for the shell. It knows how to hook into bash, zsh, tcsh, fish shell and elvish to load or unload environment variables depending on the current directory.

Use .envrc to export custom umask value for specific dir, and the exported env var will be unloaded when you leave that dir.

# example .envrc file
export UMASK=0022

Define a hook to change the umask value once working dir is changed.

function _umask_hook {
  if [[ -n $UMASK ]]; then
    umask "$UMASK"
  elif [[ $OSTYPE == darwin* ]]; then
    umask 0077
  else
    umask 0022
  fi
}

# To make the code more reliable on detecting the default umask
function _umask_hook {
  # Record the default umask value on the 1st run
  [[ -z $DEFAULT_UMASK ]] && export DEFAULT_UMASK="$(builtin umask)"

  if [[ -n $UMASK ]]; then
    umask "$UMASK"
  else
    umask "$DEFAULT_UMASK"
  fi
}

# zsh hooks
# trigger _umask_hook once working dir is changed
add-zsh-hook chpwd _umask_hook

# bash
# Append `;` if PROMPT_COMMAND is not empty
PROMPT_COMMAND="${PROMPT_COMMAND:+$PROMPT_COMMAND;}_umask_hook"

For the time being, direnv hook initialization for zsh doesn't support chpwd hook. If the pull request GH-514 has not been merged when you see this page. Please comment out eval "$(direnv hook zsh)" and hook direnv on chpwd manually with following code,

if (( $+commands[direnv] )) && ! (( $+functions[_direnv_hook] )); then
  _direnv_hook() {
    eval "$(command "direnv" export zsh)";
  }
  typeset -agU precmd_functions;
  if [[ -z ${precmd_functions[(r)_direnv_hook]} ]]; then
    precmd_functions=( _direnv_hook ${precmd_functions[@]} )
  fi

  typeset -agU chpwd_functions;
  if [[ -z ${chpwd_functions[(r)_direnv_hook]} ]]; then
    chpwd_functions=( _direnv_hook ${chpwd_functions[@]} )
  fi
fi

Source: dynamic-umask-based-on-cwd.md

Simba
  • 1,682