• [gentoo-user] How to set umask for entire Gnome session

    From Jorge P. de Morais Neto@21:1/5 to All on Tue Apr 25 20:40:01 2023
    Hi. I want my personal files inaccessible from unprivileged other
    accounts. I have already executed the following commands with ~ as
    working directory:

    find . \( -path ./Public -o -type l \) -prune -o -exec chmod o= {} +
    chmod -c o+x .

    I now want to change my user's umask from 022 to 027, so new files and
    directories will also be secure. I have tried adding to ~/.profile the
    line

    umask 027

    and rebooting but it did not work. I tested by, in Emacs (launched from
    Gnome), creating a new file in my Home and it did not respect the 027
    umask.

    So, how do I change my user's umask for the entire Gnome session?

    Regards

    --
    - Many people hate injustice but few check the facts; this causes more
    injustice. Ask me about <https://stallmansupport.org>
    - Please adopt free/libre formats like PDF, Org, LaTeX, ODF, Opus, WebM and 7z.
    - Libre apps for AOSP (Replicant, LineageOS etc.) and Android: F-Droid
    - https://www.gnu.org/philosophy/free-sw.html "What is free software?"

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Neil Bothwick@21:1/5 to Jorge P. de Morais Neto on Tue Apr 25 21:20:02 2023
    On Tue, 25 Apr 2023 15:30:37 -0300, Jorge P. de Morais Neto wrote:

    > I now want to change my user's umask from 022 to 027, so new files and
    > directories will also be secure. I have tried adding to ~/.profile the
    > line
    >
    > umask 027

    That sets the umask for the shell that runs the profile file, not for
    your GNOME session.


    > and rebooting but it did not work. I tested by, in Emacs (launched from
    > Gnome), creating a new file in my Home and it did not respect the 027
    > umask.
    >
    > So, how do I change my user's umask for the entire Gnome session?

    Do you have a separate filesystem for /home? If so, the simplest option
    is to set umask in its mount options in fstab. This will affect all
    users, except root, and it won't affect files you write outside of $HOME.



    --
    Neil Bothwick

    She's fine, upstanding, and wonderful laying down.

  • From Jorge P. de Morais Neto@21:1/5 to All on Thu Apr 27 03:00:01 2023
    Hello,

    On [2023-04-25 Tue 20:15:18+0100], Neil Bothwick wrote:

    > Do you have a separate filesystem for /home? If so, the simplest option
    > is to set umask in its mount options in fstab. This will affect all
    > users, except root, and it won't affect files you write outside of $HOME.

    That is not documented in the mount manpage as a filesystem-independent
    option; it only shows for specific filesystems, none of which I use.
    Anyway, I use Btrfs and I have a separate subvolume for /home. I have
    tried adding umask=077 (later umask=0077) as fstab option and invoking

    # mount -o remount /home

    but in both cases it errored out:

    mount: /home: mount point not mounted or bad option.
    dmesg(1) may have more information after failed mount system call.

    dmesg says:

    BTRFS error (device nvme0n1p7: state M): unrecognized mount option 'umask=077'

    Regards

    --
    - Many people hate injustice but few check the facts; this causes more
    injustice. Ask me about <https://stallmansupport.org>
    - I am Brazilian. I hope my English is correct and I welcome feedback.
    - https://www.defectivebydesign.org
    - https://www.gnu.org

  • From Neil Bothwick@21:1/5 to Jorge P. de Morais Neto on Thu Apr 27 09:20:01 2023
    On Wed, 26 Apr 2023 21:56:23 -0300, Jorge P. de Morais Neto wrote:

    >> Do you have a separate filesystem for /home? If so, the simplest
    >> option is to set umask in its mount options in fstab. This will
    >> affect all users, except root, and it won't affect files you write
    >> outside of $HOME.
    >
    > That is not documented in the mount manpage as a filesystem-independent
    > option; it only shows for specific filesystems, none of which I use.

    That's because it is not filesystem-independent.

    > Anyway, I use Btrfs and I have a separate subvolume for /home. I have
    > tried adding umask=077 (later umask=0077) as fstab option and invoking
    >
    > # mount -o remount /home
    >
    > but in both cases it errored out:

    Because btrfs does not have that option.

    > mount: /home: mount point not mounted or bad option.
    > dmesg(1) may have more information after failed mount system
    > call.
    >
    > dmesg says:
    >
    > BTRFS error (device nvme0n1p7: state M): unrecognized mount option 'umask=077'

    As it says.

    I think ACLs may be a better fit for your needs.


    --
    Neil Bothwick

    Synonym: a word you use when you can't spell the other one.
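
Added example, not part of any message in this thread: a shell check for the two points discussed above. It shows that the umask belongs to the process that creates a file, so a value set in one shell does not reach programs started elsewhere, and it audits a tree for entries still accessible to other users with the same exclusions as the chmod command in the first post. The function names and the sample tree are constructed for illustration; `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example; function names and the sample tree are constructed.

# Print entries under DIR that still grant any permission to "other".
# ./Public and symlinks are pruned, as in the chmod command from the post;
# DIR itself is skipped because it deliberately keeps o+x.
list_other_access() {
    ( cd "$1" && find . \( -path ./Public -o -type l \) -prune -o \
        ! -path . \( -perm -004 -o -perm -002 -o -perm -001 \) -print | sort )
}

# Create FILE from a child process running under UMASK, then print its mode.
# The umask belongs to the creating process; the caller's umask is untouched.
mode_created_under() {
    ( umask "$1" && : > "$2" ) && stat -c %a "$2"
}

# Build a constructed home-like tree and audit it.
demo() {
    home=$(mktemp -d) || return 1
    chmod 711 "$home"
    ( umask 022 && mkdir "$home/Public" && : > "$home/Public/shared.txt" )
    # One file from a process that inherited 027, one from a process that did not.
    mode_created_under 027 "$home/from-login-shell.txt" >/dev/null
    mode_created_under 022 "$home/from-desktop-app.txt" >/dev/null
    ln -s from-desktop-app.txt "$home/link"
    list_other_access "$home"
    rm -rf "$home"
}

demo
```

Running `list_other_access "$HOME"` after a login shows whether any program in the session is still creating files under the old umask.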
