Umask in Gnome Session


I’ve setup th umask in “almost” every possible way, in the idea that at some point Nautilus (file manager) would create folders respecting the umask that I setup.

It fails all the time.
I tried in :
in the parent systemd service of the parent process of Nautilus

How can we setup the umask for the whole gnome session ?


Just about everything ran within a gnome session is ran from systemd. To set the umask, pam_umask is an option for processes not launched by systemd. Another option is systemctl edit user@.service


And then restarting your gnome session.

1 Like

Create this file:
with this in it:

It works !!!


On mate (RL9.2) I created the file in /etc/profile.d/ with the line

umask 0002

After reboot new files created with the file browser have permissions rw-rw-r–

I tried that “ in /etc/profile.d/” in Gnome and it did not work.
Good to know it works in Mate.

Aww, three different systems:

  • pam_umask affects only console login, ssh and like – “CLI sessions”
  • /etc/profile.d/*.sh affects (bash) console login, ssh, and shells in (gnome) terminals – all but “GUI apps”
  • user@.service affects gnome (GUI) applications, and console login, ssh, shells in terminals, … (but does not affect root user on CLI)

Looking at systemctl status on GNOME and MATE, the former has “app” (Firefox) under
user@NNN.service, but the latter has it in session-MMM.scope

Using the above quoted method to change the umask also applies to root created files which I do not desire. Thus I had to edit root’s .bash_profile and add the line umask 0022 to revert to the system default. Now in the case of creating the override.conf in

I would want to check if this affects root. I don’t think you want files created by root world writeable

Rather than plain “umask N”, you could have:

if [ $UID -gt 999 ] && [ “id -gn” = “id -un” ]; then
       umask $N
       umask 022

That style was used in RHEL before RHEL 9.

Very true. It did not seem to affect root in my quick test, but it is better that you do verify the result independently.

Can you apply if / then statements to a systemd unit file? I like this script as ti does what is needed and is simple.

I don’t know the unit files that well.

Note though that el9 has in /etc/bashrc:

  if ! shopt -q login_shell ; then # We're not a login shell

    # Set default umask for non-login shell only if it is set to 0
    [ `umask` -eq 0 ] && umask 022

So plain 0000 might not trivially get to non-login shells. That is separate from GUI though.

Interestingly, the documentation for RHEL 9 does not match that. Perhaps it did before RHEL 9.2.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.