
umask in Debian

This is a draft page to keep track of the discussions about the default umask value in Debian. umask sets the mask that determines the default permissions of newly created files.

Default value

In Trixie, pam_umask(8) is enabled by default and the usergroups option is activated at build time. So if a user's primary group is their User Private Group, the umask is 002; otherwise it is 022. In Debian 12 Bookworm and earlier, the umask is 022 by default and the value from /etc/login.defs is ignored. It may be reasonable to enable pam_umask.so in the PAM settings to make the umask configurable and the group bits cleared (e.g. 002/022) depending on the primary group of the particular user.

The umask was set to 022 by base-files until version 5.4, when it was changed to 002. However, starting from base-files version 5.7, the umask is set by pam_umask, which currently defaults to 022 again.

The changes in base-files only took effect on freshly installed systems. A umask of 002 gives write permission to the other group members. By default, Debian uses “user private groups” (UPG). Under this scheme, each user has their own private group, which is not shared with any other user.
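
The following audit sketch is an added example, not part of the original page or of Debian's tooling. It ties together the usergroups behaviour described under "Default value" and the UPG assumption above: it computes the umask each account would get and flags accounts whose primary group is not actually private. It assumes the rule documented in pam_umask(8) (a non-root user whose name equals the primary group name gets group bits copied from owner bits) and a base umask of 022; the function names and the passwd/group data are constructed for illustration.

```python
# Constructed sample data in passwd(5) and group(5) format; not from a real system.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
carol:x:1002:100:Carol:/home/carol:/bin/bash
"""
GROUP = """\
root:x:0:
users:x:100:
alice:x:1000:
bob:x:1001:carol
"""

def usergroups_umask(base, uid, user, primary_group):
    """Rule documented in pam_umask(8) for the usergroups option: for a non-root
    user whose name equals the primary group name, group bits copy owner bits."""
    if uid != 0 and user == primary_group:
        return (base & ~0o070) | ((base & 0o700) >> 3)
    return base

def audit(passwd_text, group_text, base=0o022):
    groups = {}   # gid -> (group name, supplementary members)
    for line in group_text.splitlines():
        name, _, gid, members = line.split(":")
        groups[int(gid)] = (name, [m for m in members.split(",") if m])
    primary = {}  # gid -> users that have it as primary group
    users = []
    for line in passwd_text.splitlines():
        name, _, uid, gid = line.split(":")[:4]
        users.append((name, int(uid), int(gid)))
        primary.setdefault(int(gid), []).append(name)
    report = {}
    for name, uid, gid in users:
        gname, members = groups[gid]
        mask = usergroups_umask(base, uid, name, gname)
        # Everyone else who belongs to this user's primary group.
        others = sorted((set(members) | set(primary[gid])) - {name})
        report[name] = {
            "umask": f"{mask:03o}",
            "file_mode": f"{0o666 & ~mask:03o}",
            "dir_mode": f"{0o777 & ~mask:03o}",
            # New files are group-writable AND the group has other members.
            "shared_group_write": bool(others) and not (mask & 0o020),
        }
    return report

if __name__ == "__main__":
    print(audit(PASSWD, GROUP))
```

In the sample data, bob receives umask 002 because his primary group carries his name, but carol is also a member of that group, so his new files would be writable by her.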

Discussions about its default value

Documentation to update

Issues with a value of 022

Issues with a value of 002

Others

There is a parallel discussion at Ubuntu: https://wiki.ubuntu.com/MultiUserManagement.