robinem

RHCSA Rapid Track - CH04S05 - root umask even when logged in as standard user

Hello,

I'm following the Rapid Track course. In the lab "Control Access to file", we are expected to have a 0002 umask as every user except root. But when you are logged in as root (as asked in the lab, using sudo -i) and you switch to a user (say student) using su - student, student will have root's umask (0022) and not the standard user umask (0002) as stated in /etc/bashrc. There is no umask command in the .bashrc or .bash_profile of the student user. Is this normal? Why does the lab ask me to log in as root and then switch user using su?

Proof :

umask

Accepted Solutions
Chetan_Tiwary_

Hi @robinem ,

Yes, what you are stating seems right.

When you use the su command to change users, the new user takes on the prior user's environment, including the umask option. 
In your example, the student user inherits the root user's umask setting of 0022 because you first signed in as root and then changed to the student account via su.
The default system configuration for generating new files and directories is umask, which is not user-specific. 
Shells and other child processes inherit the value of umask, therefore unless explicitly modified, the setting will remain the same for the duration of the process.

I will flag this and see if this needs rectification.

Fran_Garcia

I have no access to the training course, but from your description it seems you are facing the differences between login shells and non-login shells. If you look at /etc/profile, you'll see a snippet like:

----

if [ $UID -gt 199 ] && [ "`/usr/bin/id -gn`" = "`/usr/bin/id -un`" ]; then
  umask 002
else
  umask 022
fi

----

This file is only executed on a non-login shell, e.g.:

----

[cloud-user@umask ~]$ id
uid=1000(cloud-user) gid=1000(cloud-user) groups=1000(cloud-user),4(adm),190(systemd-journal) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[cloud-user@umask ~]$ umask   # just connected to the system via ssh.
0022
[cloud-user@umask ~]$ bash --login  # launching a login shell
[cloud-user@umask ~]$ umask
0022
[cloud-user@umask ~]$ bash  # launching a non-login shell
[cloud-user@umask ~]$ umask
0002

-----

 

You can review what bash is doing by launching 'bash -x' instead of just bash. It will output every file that it is reading and every script that is executed, to give you some understanding of what is happening.

robinem

The command "su - user" doesn't open a login shell? I thought that the dash meant "please execute/source bashrc/profile files for this user".

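Added example, not part of any post in this thread: a small POSIX shell check that shows a child process inheriting its parent's umask (the accepted answer's point) and compares the running shell's umask with what the /etc/profile snippet quoted above would select. The function names are hypothetical, and `stat -c` assumes GNU coreutils as shipped on RHEL.

```shell
# Added example; function names are hypothetical, not from the course.

# Value the quoted /etc/profile snippet would pick for a given
# uid, primary group name and user name.
expected_umask() {
    uid=$1 group=$2 user=$3
    if [ "$uid" -gt 199 ] && [ "$group" = "$user" ]; then
        echo 0002
    else
        echo 0022
    fi
}

# umask reported by a child process started under parent umask $1.
# The subshell keeps the change from leaking into the caller.
child_umask() {
    ( umask "$1"; sh -c 'umask' )
}

# Mode of a file created by a child process under parent umask $1.
child_file_mode() {
    ( umask "$1"
      dir=$(mktemp -d) || exit 1
      sh -c 'touch "$1/f"' sh "$dir"
      stat -c '%a' "$dir/f"
      rm -rf "$dir" )
}

# Compare the running shell with the snippet's expectation.
check_current() {
    want=$(expected_umask "$(id -u)" "$(id -gn)" "$(id -un)")
    have=$(umask)
    if [ "$have" = "$want" ]; then
        echo "ok: umask $have"
    else
        echo "mismatch: umask $have, /etc/profile logic gives $want"
    fi
}

check_current
```

Running it in the `su - student` session from the lab shows whether the shell picked up a new umask or kept the inherited one.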