20

Under AIX I can check the umask for all users with: 

cut -d : -f 1 /etc/passwd | while read ONELINE; do lsuser -a umask "$ONELINE"; done

But how can I check the umask setting for all users under Linux? (su to every user and then umask command? Are there any better ways for it?)

UPDATE1:

It's not the best to su to all users, because on some RHEL servers the default shell for a few user is halt/shutdown..: 

shutdown:x:6:0:shutdown;asdf;asdf;F:/sbin:/sbin/shutdown

so if I su to the user... then the server shuts down?

UPDATE2: I created a bounty for a non-su based answer.

slm
  • 369,824
gasko peter
  • 5,514

2 Answers2

15

The umask is typically set system wide through the config file: /etc/login.defs:

$ grep UMASK /etc/login.defs 
UMASK           077

This value can be overridden but typically is not through either /etc/bashrc, /etc/profile and/or by the users in their $HOME/.bashrc (Assuming they're using Bash).

If you grep for "umask" in those aforementioned files you'll also notice this on RHEL boxes:

$ grep umask /etc/bashrc /etc/profile
/etc/bashrc:    # By default, we want umask to get set. This sets it for non-login shell.
/etc/bashrc:       umask 002
/etc/bashrc:       umask 022
/etc/profile:# By default, we want umask to get set. This sets it for login shell
/etc/profile:    umask 002
/etc/profile:    umask 022

Digging deeper:

  • /etc/bashrc

    # By default, we want umask to get set. This sets it for non-login shell.
# Current threshold for system reserved uid/gids is 200
# You could check uidgid reservation validity in
# /usr/share/doc/setup-*/uidgid file
if [ $UID -gt 199 ] && [ "`id -gn`" = "`id -un`" ]; then
   umask 002
else
   umask 022
fi

  • /etc/profile

    # By default, we want umask to get set. This sets it for login shell
# Current threshold for system reserved uid/gids is 200
# You could check uidgid reservation validity in
# /usr/share/doc/setup-*/uidgid file
if [ $UID -gt 199 ] && [ "`id -gn`" = "`id -un`" ]; then
    umask 002
else
    umask 022
fi

So at least on RHEL system's the umask is either 002 if your UID is greater than 199, and 022 otherwise (system accounts).

slm
  • 369,824
  • For Ubuntu and (probably) Debian-based systems, you should do this in ~/.profile, which has the default value commented at the top of the file for you to uncomment and modify on a per-user basis. – code_dredd Jun 05 '18 at 19:24
11

You can check using (execute as root) :

for user in $(awk -F: '{print $1}' /etc/passwd); 
do 
    printf "%-10s" "$user" ; su -c 'umask' -l $user 2>/dev/null
done

To avoid checking system user do :

for user in $(awk -F: '( $3 >= 500 ){print $1}' /etc/passwd); 
do 
    printf "%-10s" "$user" ; su -c 'umask' -l $user 2>/dev/null
done

OutPut:

ram       0022
shyam     0022
suraj     0022
vinayak   0022
javed     0022
noraj
  • 340
Rahul Patil
  • 24,711