On Mon, 19 Jun 2017 05:49:20 +0800
Ed Greshko <ed.greshko(a)greshko.com> wrote:
You haven't described your environment. Without that knowledge
any
advice on umask is questionable. Remember, umask isn't, and never
was, intended to be a high security mechanism.
Home workstation with no web facing services. I could probably get away
with a umask of 000. Even for root. But it just seems wrong to give
world read access to home files for a user, by default.
I think of security as layers, and good practices. While umask might
not be a high security mechanism, there is no need to leave it weaker
than it has to be. It seems to me that linux depends a lot on file
permissions for security, particularly for root.
Thanks for your thoughts.