# umask



## fernandel (Apr 17, 2022)

I have the umask in /etc/login.conf set to 022. Is it better to have 027 or for the single desktop computer is not important?

Thank you.


----------



## gpw928 (Apr 18, 2022)

The long-standing tradition is 022. I guess it came from the collegiate atmosphere at Bell Labs.

If you are worried about others snooping, then 027 makes sense.  But you will then have to make a conscious effort to share...


----------



## chungy (Apr 18, 2022)

fernandel said:


> or for the single desktop computer is not important.


This is a key statement and one that says it is mostly not important. 022 or 027 would be equally good for a single-user computer.

If you are concerned about unauthorized access, look into locking down the BIOS (so you can't boot from USB or DVD-R) and encrypting the hard disk.


----------



## gpw928 (Apr 18, 2022)

I don't think that "single desktop computer" necessarily implies "single user computer" and even if it does, stuff gets copied around to other hosts, plus there's a variety of other file sharing methods.  027 will eventually cause inconvenience, which may, or may not, be desirable.


----------



## a6h (Apr 19, 2022)

If you are using the locate(1) utility, then keep in mind that locate(1) relies on locate.updatedb(8) to be functional, which in turn runs once a week.
The locate.updatedb(8) utility uses the user 'nobody' to build the locate(1) database. Thus if directories are not readable by user 'nobody', group 'nobody' or others (world), which is the implication of the number *7* in the *027* umask, then there's a problem. In other words, the locate(1) utility won't be able to find files which reside in directories with *750* permission, for example.


----------
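Added example, not part of any post in the thread: a shell sketch that shows the modes a new directory and file get under umask 022 and 027, then lists the directories that lack read or search permission for "other", which is what an indexer running as 'nobody' would be unable to enter. The function names and the temporary paths are constructed for the illustration, and the check assumes 'nobody' is neither the owner nor a member of the directory's group.

```shell
#!/bin/sh
# Added example: compare what umask 022 and 027 produce, then list the
# directories an unprivileged indexer (such as locate.updatedb running as
# 'nobody') could not read. All paths are constructed in a temp directory.

# Print the symbolic mode (e.g. drwxr-x---) of a path, portably via ls.
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Create a directory and a file under the given umask inside a subshell, so
# the caller's own umask is untouched. Prints "<dir mode> <file mode>".
modes_under_umask() {
    mask=$1
    base=$2
    (
        umask "$mask"
        mkdir "$base/d$mask"
        : > "$base/d$mask/file"
        printf '%s %s\n' "$(mode_of "$base/d$mask")" \
                         "$(mode_of "$base/d$mask/file")"
    )
}

# List directories under $1 that lack read or search permission for "other".
# find's "-perm -005" matches when both o+r and o+x are set; "!" negates it.
unindexable_dirs() {
    find "$1" -type d ! -perm -005
}

demo() {
    tmp=$(mktemp -d) || return 1
    chmod 755 "$tmp"            # mktemp -d creates 0700; open it for the demo
    echo "umask 022 -> $(modes_under_umask 022 "$tmp")"
    echo "umask 027 -> $(modes_under_umask 027 "$tmp")"
    echo "directories not readable by other:"
    unindexable_dirs "$tmp"
    rm -rf "$tmp"
}

demo
```

Running `unindexable_dirs "$HOME"` as the owner gives a quick list of what a weekly locate database built by 'nobody' would be missing.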

