[Gllug] File permissions and umask on Ubuntu (and I think probably, Debian)

Sat Jan 6 14:42:04 UTC 2007

Dear all,

I've just been visiting a local charity shop, to which I gave an old PC 
running Ubuntu about a year ago.  They'd asked me to set up something 
for them which I thought would be trivial - it wasn't.

Their request was for a shared file area where all the users of the PC 
could put stuff which they all wanted to work on - stock lists and the 
like.  "Easy", I thought, "put them all in a group, make the directory 
belong to the group and set the permissions on the directory to 02775 
(rwxrwsr-x).  That part was fine, but then I discovered something odd - 
although Ubuntu uses the "one group per user" system, it by default has 
the umask set to 0022.  A quick glance at Debian suggests it does the 
same, which seems to defeat the point of having one group per user, and 
breaks the setting up of shared directories as shown above.  (Any user 
can write to the directory, but a file created by one user can't then be 
written to by another.  If a user creates a directory within the shared 
directory, then only that user can put files in it.)  I need to change 
the default umask to 0002 (which is what it should be to start with). 
Here my first question.

Where on a Ubuntu (or Debian) system does one set this?  I've tried 
setting it in /etc/profile, /etc/login.defs and by means of 
libpam-umask.  None of them seems to work - a user who logs in by means 
of gdm and then starts a shell still has a umask of 0022.  If said user 
then does an "su <myself>", the new shell does pick up the right umask, 
but this isn't enough.  Clearly there is another over-riding place where 
it's being set - anyone any idea?

Second question - from observation, it appears that Nautilus (they tend 
to use the graphical interface) obeys the umask and directory settings 
when creating a new directory, but completely ignores them when creating 
a file.  I have a directory called, say, "shared" which is owned by 
"john,mygroup" and has permissions "rwxrwsr-x".  If I do a "touch foo" 
in that directory the new file is created with ownership "john,mygroup" 
as expected, and permissions "rw-r--r--" (matching the current umask of 
0022).  If OTOH I use Nautilus to create the file it has ownership 
"john,john" and permissions "rw-------".  Nautilus seems to override 
both the umask and the parent directory settings.  I can't find any 
settings for Nautilus to correct this behaviour.  Anyone any ideas?

It's difficult to sell non-technical people on Linux as a satisfactory 
desktop solution when a simple problem like this is so hard to solve.

Thanks in advance for any assistance.

John
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug