How to change the default umask on an AL2 instance


I need to change the default umask from 022 to 077. I have changed the umask in all the files it appears in in /etc/ and it remains 022. I am using PAM so I have added

session    optional umask=0077

to the /etc/pam.d/login file, but that too made no difference. Anyone know how to make this happen?

2 answers

Which locations did you check - it can be set in any (or all) of /etc/bashrc, /etc/login.defs, /etc/profile, and files under /etc/profile.d/

It can also be in the user's ~/.bashrc or ~/.bash_profile

answered 4 months ago
  • I changed the umask from 022 to 077 in the following files. But the default umask remains 022 for every login: /etc/login.defs /etc/cs /etc/csh.cshrc /etc/bashrc /etc/profile /etc/profile.d/ /etc/rc.d/init.d/functions There are no umask entries in any of the files in the user's home directory.

  • Run bash -x to spawn a new shell with debug mode enabled, and don't be surprised if the output is hundreds of lines long. Somewhere in all this is the time(s) that the umask value is checked, and potentially changed.

    It may be easier to go through this output as a file:

    $ script /var/tmp/bash-x.out
    $ bash -x
    $ exit          <--- this exits the shell you just spawned
    $ exit          <--- this exits from the "script" command

    Now you can go through /var/tmp/bash-x.out looking for any instance of umask or UMASK

  • Seeing the output from bash -x is interesting but only thickened the plot. I can see the last time the umask is set, is in fact 077. And inside that shell it really is set to 077. Yet when connecting through the session manager it is 022. See snip below:

    ++ . /etc/profile.d/
    +++ umask 077
    + umask
    ++ printf '\033]0;%s@%s:%s\007' '' ip-172-31-30-111 '~'
    [ssm-user@ip-172-31-30-111 ~]$ exit
    + exit
    sh-4.2$ exit
    Script done, file is /var/tmp/bash-x.out
    sh-4.2$ umask
  • Now it's clear - Session Manager doesn't run bash

    All the files that we're looking at are for setting the environment for a user who uses bash.

    The steps to change Session Manager's login shell to bash are in that linked knowledge document, or you could just run bash from the command line to launch a new bash shell, or you could sudo su - ec2-user to become another user whose login shell is the bash shell.
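
An added example (not part of the thread, nor AWS's own code): a small POSIX shell audit that lists the umask commands each kind of shell invocation would actually read, which shows why edits to the bash startup files never reach a plain sh session. The function names, the mode names and the ROOT argument are assumptions of this example, and it assumes the Session Manager shell is an interactive non-login sh, which consults only the file named by $ENV.

```shell
#!/bin/sh
# Added example, not from the thread. ROOT (hypothetical argument) points the
# audit at a test tree; leave it empty to check the live system.

# files_for MODE [ROOT]: system startup files read for that invocation.
#   bash-login  /etc/profile, which sources /etc/profile.d/*.sh on AL2
#   bash        interactive non-login: ~/.bashrc, which by default sources
#               /etc/bashrc (per-user files are left out of this audit)
#   sh          interactive non-login "sh": only the file named by $ENV
files_for() {
    mode=$1
    root=${2:-}
    case $mode in
        bash-login) set -- "$root/etc/profile" "$root"/etc/profile.d/*.sh ;;
        bash)       set -- "$root/etc/bashrc" ;;
        sh)         set -- ${ENV:+"$ENV"} ;;
        *)          echo "unknown mode: $mode" >&2; return 2 ;;
    esac
    for f in "$@"; do
        [ -f "$f" ] && printf '%s\n' "$f"
    done
    return 0
}

# umask_settings MODE [ROOT]: print "file:line:text" for every active
# (uncommented) umask command in those files, in listing order.
umask_settings() {
    files_for "$1" "${2:-}" | while IFS= read -r f; do
        grep -nE '^[[:space:]]*umask[[:space:]]+[0-7]{3,4}' "$f" |
            sed "s|^|$f:|"
    done
}

# Run as: sh umask-audit.sh MODE [ROOT]
if [ $# -gt 0 ]; then
    umask_settings "$@"
fi
```

An empty result for mode sh means none of the audited files sets the umask for that session, so the shell keeps the value inherited from its parent process.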



Did you edit the umask value in the file below?
In my environment, the umask of the newly created user was changed by editing the following file.

sudo vi /etc/bashrc

After updating the file, you need to update it using the following command.

source /etc/bashrc    # source is a shell builtin, so it cannot be run through sudo
answered 4 months ago
