InfrastructureConstruction:RHEL8:Profile-umask
42.プロファイル-umask関連
前提
/etc/skel/配下のファイル構成は以下の通り。
・.bash_profile
・.bashrc
・.bash_logout
環境変数を読み込むタイミング
上記前提の場合の環境変数を読み込むタイミングは下記となる。
■sshログイン時
1. /etc/profile
2. /etc/profile.d/*.sh
3. ~/.bash_profile
■bash実行時
1. ~/.bashrc
2. /etc/bashrc(~/.bashrcに読み込む記載がある為)
■bashログアウト時
1. .bash_logout
設定案1
初期値は下部に記載しているが、下記2ファイルのumask値を027とする。(rootユーザで新規作成されるファイル、rootユーザ以外で新規作成されるファイル両方とも)
・/etc/profile
・/etc/bashrc
この場合の記載は以下の通りとなる。
#変更前 if [ $UID -gt 199 ] && [ "`/usr/bin/id -gn`" = "`/usr/bin/id -un`" ]; then umask 002 else umask 022 fi #変更後 if [ $UID -gt 0 ] && [ "`/usr/bin/id -gn`" = "`/usr/bin/id -un`" ]; then umask 027 else umask 027 fi
http://x68000.q-e-d.net/~68user/unix/pickup?umask
設定案2
①初期値は下部に記載しているが、下記2ファイルのumask値を設定をコメントアウトする。
・/etc/profile
・/etc/bashrc
#変更前 if [ $UID -gt 199 ] && [ "`/usr/bin/id -gn`" = "`/usr/bin/id -un`" ]; then umask 002 else umask 022 fi #変更後 #if [ $UID -gt 199 ] && [ "`/usr/bin/id -gn`" = "`/usr/bin/id -un`" ]; then # umask 002 #else # umask 022 #fi
②/etc/profile.d/配下に.shファイルを作成し、その中でumask値を設定を設定する。
umask値は027とする。(rootユーザで新規作成されるファイル、rootユーザ以外で新規作成されるファイル両方とも)
※/etc/profile内に/etc/profile.d/*.shファイルを読み込む記載がある
この場合の記載は以下の通りとなる。
#設定例 vi /etc/profile.d/90-umask.sh #下記を追記 if [ $UID -gt 0 ] && [ "`/usr/bin/id -gn`" = "`/usr/bin/id -un`" ]; then umask 027 else umask 027 fi
初期値
/etc/skel/.bash_profile
# .bash_profile # Get the aliases and functions if [ -f ~/.bashrc ]; then . ~/.bashrc fi # User specific environment and startup programs
/etc/skel/.bashrc
# .bashrc # Source global definitions if [ -f /etc/bashrc ]; then . /etc/bashrc fi # User specific environment if ! [[ "$PATH" =~ "$HOME/.local/bin:$HOME/bin:" ]] then PATH="$HOME/.local/bin:$HOME/bin:$PATH" fi export PATH # Uncomment the following line if you don't like systemctl's auto-paging feature: # export SYSTEMD_PAGER= # User specific aliases and functions
/etc/skel/.bash_logout
# ~/.bash_logout
/etc/profile
# /etc/profile # System wide environment and startup programs, for login setup # Functions and aliases go in /etc/bashrc # It's NOT a good idea to change this file unless you know what you # are doing. It's much better to create a custom.sh shell script in # /etc/profile.d/ to make custom changes to your environment, as this # will prevent the need for merging in future updates. pathmunge () { case ":${PATH}:" in *:"$1":*) ;; *) if [ "$2" = "after" ] ; then PATH=$PATH:$1 else PATH=$1:$PATH fi esac } if [ -x /usr/bin/id ]; then if [ -z "$EUID" ]; then # ksh workaround EUID=`/usr/bin/id -u` UID=`/usr/bin/id -ru` fi USER="`/usr/bin/id -un`" LOGNAME=$USER MAIL="/var/spool/mail/$USER" fi # Path manipulation if [ "$EUID" = "0" ]; then pathmunge /usr/sbin pathmunge /usr/local/sbin else pathmunge /usr/local/sbin after pathmunge /usr/sbin after fi HOSTNAME=`/usr/bin/hostname 2>/dev/null` HISTSIZE=1000 if [ "$HISTCONTROL" = "ignorespace" ] ; then export HISTCONTROL=ignoreboth else export HISTCONTROL=ignoredups fi export PATH USER LOGNAME MAIL HOSTNAME HISTSIZE HISTCONTROL # By default, we want umask to get set. This sets it for login shell # Current threshold for system reserved uid/gids is 200 # You could check uidgid reservation validity in # /usr/share/doc/setup-*/uidgid file if [ $UID -gt 199 ] && [ "`/usr/bin/id -gn`" = "`/usr/bin/id -un`" ]; then umask 077 else umask 077 fi for i in /etc/profile.d/*.sh /etc/profile.d/sh.local ; do if [ -r "$i" ]; then if [ "${-#*i}" != "$-" ]; then . "$i" else . "$i" >/dev/null fi fi done unset i unset -f pathmunge if [ -n "${BASH_VERSION-}" ] ; then if [ -f /etc/bashrc ] ; then # Bash login shells run only /etc/profile # Bash non-login shells run only /etc/bashrc # Check for double sourcing is done in /etc/bashrc. . /etc/bashrc fi fi
/etc/bashrc
# /etc/bashrc # System wide functions and aliases # Environment stuff goes in /etc/profile # It's NOT a good idea to change this file unless you know what you # are doing. It's much better to create a custom.sh shell script in # /etc/profile.d/ to make custom changes to your environment, as this # will prevent the need for merging in future updates. # Prevent doublesourcing if [ -z "$BASHRCSOURCED" ]; then BASHRCSOURCED="Y" # are we an interactive shell? if [ "$PS1" ]; then if [ -z "$PROMPT_COMMAND" ]; then case $TERM in xterm*|vte*) if [ -e /etc/sysconfig/bash-prompt-xterm ]; then PROMPT_COMMAND=/etc/sysconfig/bash-prompt-xterm elif [ "${VTE_VERSION:-0}" -ge 3405 ]; then PROMPT_COMMAND="__vte_prompt_command" else PROMPT_COMMAND='printf "\033]0;%s@%s:%s\007" "${USER}" "${HOSTNAME%%.*}" "${PWD/#$HOME/\~}"' fi ;; screen*) if [ -e /etc/sysconfig/bash-prompt-screen ]; then PROMPT_COMMAND=/etc/sysconfig/bash-prompt-screen else PROMPT_COMMAND='printf "\033k%s@%s:%s\033\\" "${USER}" "${HOSTNAME%%.*}" "${PWD/#$HOME/\~}"' fi ;; *) [ -e /etc/sysconfig/bash-prompt-default ] && PROMPT_COMMAND=/etc/sysconfig/bash-prompt-default ;; esac fi # Turn on parallel history shopt -s histappend history -a # Turn on checkwinsize shopt -s checkwinsize [ "$PS1" = "\\s-\\v\\\$ " ] && PS1="[\u@\h \W]\\$ " # You might want to have e.g. tty in prompt (e.g. more virtual machines) # and console windows # If you want to do so, just add e.g. # if [ "$PS1" ]; then # PS1="[\u@\h:\l \W]\\$ " # fi # to your custom modification shell script in /etc/profile.d/ directory fi if ! shopt -q login_shell ; then # We're not a login shell # Need to redefine pathmunge, it gets undefined at the end of /etc/profile pathmunge () { case ":${PATH}:" in *:"$1":*) ;; *) if [ "$2" = "after" ] ; then PATH=$PATH:$1 else PATH=$1:$PATH fi esac } # By default, we want umask to get set. This sets it for non-login shell. # Current threshold for system reserved uid/gids is 200 # You could check uidgid reservation validity in # /usr/share/doc/setup-*/uidgid file if [ $UID -gt 199 ] && [ "`/usr/bin/id -gn`" = "`/usr/bin/id -un`" ]; then umask 077 else umask 077 fi SHELL=/bin/bash # Only display echos from profile.d scripts if we are no login shell # and interactive - otherwise just process them to set envvars for i in /etc/profile.d/*.sh; do if [ -r "$i" ]; then if [ "$PS1" ]; then . "$i" else . "$i" >/dev/null fi fi done unset i unset -f pathmunge fi fi # vim:ts=4:sw=4
InfrastructureConstruction/RHEL8/Profile-umask.txt · 最終更新: 2021/01/01 by 127.0.0.1