Umask in Gnome Session

alchemy24 · September 26, 2023, 4:56pm

Hi,

I’ve setup th umask in “almost” every possible way, in the idea that at some point Nautilus (file manager) would create folders respecting the umask that I setup.

It fails all the time.
I tried in :
/etc/bashrc
/etc/profile
~/.bashrc
~/.bash_profile
in the parent systemd service of the parent process of Nautilus
etc…

How can we setup the umask for the whole gnome session ?

Thanks

nazunalika · September 26, 2023, 5:26pm

Just about everything ran within a gnome session is ran from systemd. To set the umask, pam_umask is an option for processes not launched by systemd. Another option is systemctl edit user@.service…

[Service]
UMask=027

And then restarting your gnome session.

alchemy24 · September 26, 2023, 6:11pm

Create this file:
/etc/systemd/system/user@.service.d/override.conf
with this in it:
[Service]
UMask=000

It works !!!

Thanks

jbkt23 · September 26, 2023, 6:28pm

On mate (RL9.2) I created the file umask.sh in /etc/profile.d/ with the line

umask 0002

After reboot new files created with the file browser have permissions rw-rw-r–

alchemy24 · September 26, 2023, 6:44pm

I tried that “umask.sh in /etc/profile.d/” in Gnome and it did not work.
Good to know it works in Mate.

jlehtone · September 28, 2023, 8:01am

Aww, three different systems:

pam_umask affects only console login, ssh and like – “CLI sessions”
/etc/profile.d/*.sh affects (bash) console login, ssh, and shells in (gnome) terminals – all but “GUI apps”
user@.service affects gnome (GUI) applications, and console login, ssh, shells in terminals, … (but does not affect root user on CLI)

Looking at systemctl status on GNOME and MATE, the former has “app” (Firefox) under
user@NNN.service, but the latter has it in session-MMM.scope

jbkt23 · September 29, 2023, 5:49pm

Using the above quoted method to change the umask also applies to root created files which I do not desire. Thus I had to edit root’s .bash_profile and add the line umask 0022 to revert to the system default. Now in the case of creating the override.conf in

I would want to check if this affects root. I don’t think you want files created by root world writeable

jlehtone · September 30, 2023, 1:19pm

Rather than plain “umask N”, you could have:

if [ $UID -gt 999 ] && [ “id -gn” = “id -un” ]; then
       umask $N
else
       umask 022
fi

That style was used in RHEL before RHEL 9.

Very true. It did not seem to affect root in my quick test, but it is better that you do verify the result independently.

jbkt23 · October 1, 2023, 1:28am

Can you apply if / then statements to a systemd unit file? I like this script as ti does what is needed and is simple.

jlehtone · October 2, 2023, 5:41am

I don’t know the unit files that well.

Note though that el9 has in /etc/bashrc:

  if ! shopt -q login_shell ; then # We're not a login shell

    # Set default umask for non-login shell only if it is set to 0
    [ `umask` -eq 0 ] && umask 022

So plain 0000 might not trivially get to non-login shells. That is separate from GUI though.

Interestingly, the documentation for RHEL 9 does not match that. Perhaps it did before RHEL 9.2.

system · December 1, 2023, 5:42am

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Rocky 8.6 : file explorer application permission behavior Rocky Linux General	4	1051	August 25, 2023
Adding SystemWide Gnome Extension not working Rocky Linux General	7	990	August 25, 2023
Rocky 8.5, GNOME-Classic, and Guacamole Rocky Linux General	3	561	August 25, 2023
Moving onto Rocky 9 from a non-Gnome non-KDE system Rocky Linux General	6	712	August 25, 2023
Can't open Terminal application in Rocky Linux Rocky Linux General	14	4626	August 25, 2023

Umask in Gnome Session

Related Topics