Solved: Re: RHCSA Rapid Track - CH04S05 - root umask even ...

robinem · ‎03-13-2023

Hello,

Im following the Rapid Track course, in the lab : Control Access to file, we are expected to have a 0002 umask as every user expect root. But, when you are logged as root (as asked in the lab, using sudo -i) and you switch to a user (say student) using su - student, student will have root umask (0022) and not standard user umask (0002) as stated in /etc/bashrc. There is no umask command in the .bashrc .bash_profile of student user. Is this normal ? Why the lab ask me to log as root and then switch user using su ?

Proof :

Chetan_Tiwary_ · ‎04-04-2023

Hi @robinem ,

Yes ,what you are stating seems right.

When you use the su command to change users, the new user takes on the prior user's environment, including the umask option.

In your example, the student user inherits the root user's umask setting of 0022 because you first signed in as root and then changed to the student account via su.

The default system configuration for generating new files and directories is umask, which is not user-specific.

Shells and other child processes inherit the value of umask, therefore unless explicitly modified, the setting will remain the same for the duration of the process.

I will flag this and see if this needs rectfication.

View solution in original post

Fran_Garcia · ‎03-14-2023

I have no access to the training course, but from you description it seems you are facing the differences between login shells and non-login shells. If you look at /etc/profile , you'll see a snippet like:

----

if [ $UID -gt 199 ] && [ "`/usr/bin/id -gn`" = "`/usr/bin/id -un`" ]; then
umask 002
else
umask 022
fi

----

This file is only executed on a non-login shell , eg:

----

[cloud-user@umask ~]$ id
uid=1000(cloud-user) gid=1000(cloud-user) groups=1000(cloud-user),4(adm),190(systemd-journal) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[cloud-user@umask ~]$ umask # just connected to the system via ssh.
0022
[cloud-user@umask ~]$ bash --login # launching a login shell
[cloud-user@umask ~]$ umask
0022
[cloud-user@umask ~]$ bash # launching a non-login shell
[cloud-user@umask ~]$ umask
0002

-----

You can review what bash is doing by launching 'bash -x' instead of just bash. It will output every file that is reading and every script that is executed, to give you some understanding on what is happening.

robinem · ‎03-18-2023

The command "su - user" doesn't open a login shell ? I thought that the dash meant "please execute/source bashrc/profile files for this user"

Chetan_Tiwary_ · ‎04-04-2023

Hi @robinem ,

Yes ,what you are stating seems right.

When you use the su command to change users, the new user takes on the prior user's environment, including the umask option.

In your example, the student user inherits the root user's umask setting of 0022 because you first signed in as root and then changed to the student account via su.

The default system configuration for generating new files and directories is umask, which is not user-specific.

Shells and other child processes inherit the value of umask, therefore unless explicitly modified, the setting will remain the same for the duration of the process.

I will flag this and see if this needs rectfication.

RHCSA Rapid Track - CH04S05 - root umask even when logged in as standard user