umask in Debian
This is a draft page to keep track of the discussions about the default umask value in Debian. umask is a command that sets the file mode creation mask, which controls the permissions of newly created files.
Default value
In Trixie, pam_umask(8) is enabled by default and the usergroups option is activated at build time. So if a user's primary group is their User Private Group, the umask is 002, and 022 otherwise. In Debian 12 Bookworm and earlier, the umask is 022 by default and the value from /etc/login.defs is ignored. It may be reasonable to enable pam_umask.so in the PAM settings to make the umask configurable and the group bits cleared (e.g. 002/022) depending on the primary group of the particular user.
Umask was set to 022 by base-files until 5.4, where it was changed to 002. However, starting from base-files version 5.7, umask is set by pam_umask, which currently defaults again to 022.
The changes in base-files only took effect on freshly installed systems. A umask of 002 gives write permission to the other group members. By default, Debian uses “user private groups” (UPG). Under this scheme, each user has their own private group, which is not to be shared with any other user.
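The usergroups decision described above, as an added sketch (not Debian's or Linux-PAM's code): it follows the rule documented in pam_umask(8), that for a non-root user whose name equals the primary group name the group bits of the umask are set to the owner bits. The function names are hypothetical, and the second helper lists who else is in a private group, since with 002 those members can write to the user's new files.

```shell
#!/bin/sh
# Added example, not taken from the wiki page. Models the "usergroups"
# option as documented in pam_umask(8); function names are hypothetical.

# effective_umask BASE UID USER GROUP
# Print the umask a session gets when "usergroups" is active: for a non-root
# user whose name equals the primary group name, the group bits are set to
# the owner bits (022 -> 002, 077 -> 007); otherwise BASE is kept.
effective_umask() {
    base=$((0$1)); uid=$2; user=$3; group=$4
    if [ "$uid" -ne 0 ] && [ "$user" = "$group" ]; then
        base=$(( (base & ~070) | ((base >> 3) & 070) ))
    fi
    printf '%03o\n' "$base"
}

# upg_extra_members GROUP_LINE
# GROUP_LINE is one getent-group record (name:passwd:gid:members).
# Print the members other than the group's namesake. With umask 002 these
# accounts can write to files the namesake user creates.
upg_extra_members() {
    name=${1%%:*}; out=""
    old_ifs=$IFS; IFS=,
    for m in ${1##*:}; do
        [ "$m" = "$name" ] || out="${out:+$out }$m"
    done
    IFS=$old_ifs
    printf '%s' "$out"
}

# audit_system BASE
# Walk the account database and report, per user, the effective umask and
# any extra members of a group that is supposed to be private.
audit_system() {
    getent passwd | while IFS=: read -r user _ uid gid _; do
        gline=$(getent group "$gid") || continue
        group=${gline%%:*}
        mask=$(effective_umask "$1" "$uid" "$user" "$group")
        extra=""
        [ "$user" = "$group" ] && extra=$(upg_extra_members "$gline")
        printf '%s uid=%s group=%s umask=%s shared_with=%s\n' \
            "$user" "$uid" "$group" "$mask" "${extra:-none}"
    done
}
```

Calling `audit_system 022` on a host prints one line per account; any line with umask 002 and a non-empty shared_with value is a private group that is in fact shared.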
Discussions about its default value
<m0piQuw-0002dGC.ijackson@nyx.cs.du.edu> (and other threads that month)
<4590656.LvFx2qVVIh@protheus2> umask - default user settings? Sun, 14 Jul 2024 19:09:54 +0200: Demand for 007 or maybe 077 to keep documents private
Related bugs (incomplete list)
Documentation to update
The Debian Reference (UPG is documented in 1.2.4. Control of permissions for newly created files: umask, with tips to activate it via .bashrc)
Issues with a value of 022
Issues with a value of 002
Others
There is a parallel discussion at Ubuntu: https://wiki.ubuntu.com/MultiUserManagement.