How to change the default umask on an AL2 instance


I need to change the default umask from 022 to 077. I have changed the umask in all the files it appears in in /etc/ and it remains 022. I am using PAM so I have added

session    optional umask=0077

to the /etc/pam.d/login file, but that too made no difference. Anyone know how to make this happen?

2개 답변

Which locations did you check - it can be set in any (or all) of /etc/bashrc, /etc/login.defs, /etc/profile, and files under /etc/profile.d/

It can also be in the user's ~/.bashrc or ~/.bash_profile

profile picture
답변함 4달 전
  • I changed the umask from 022 to 077 in the following files. But the default umask remains 022 for every login: /etc/login.defs /etc/cs /etc/csh.cshrc /etc/bashrc /etc/profile /etc/profile.d/ /etc/rc.d/init.d/functions There are no umask entries n any of the files in the user's home directory.

  • Run bash -x to spawn a new shell with debug mode enabled, and don't be surprised if the output is hundreds of lines long. Somewhere in all this is the time(s) that the umask value is checked, and potentially changed.

    It may be easier to go through this output as a file:

    $ script /var/tmp/bash-x.out
    $ bash -x
    $ exit          <--- this exits the shell you just spawned
    $ exit          <--- this exits from the "script" command

    Now you can go through /var/tmp/bash-x.out looking for any instance of umask or UMASK

  • Seeing the output from bash -x is interesting but only thickened the plot. I can see the last time the umask is set, is in fact 077. And inside that shell it really is set to 077. Yet when connecting through the session manager it is 022. See snip below:

    ++ . /etc/profile.d/
    +++ umask 077
    + umask
    ++ printf '\033]0;%s@%s:%s\007' '' ip-172-31-30-111 '~'
    [ssm-user@ip-172-31-30-111 ~]$ exit
    + exit
    sh-4.2$ exit
    Script done, file is /var/tmp/bash-x.out
    sh-4.2$ umask
  • Now it's clear - Session Manager doesn't run bash

    All the files that we're looking at at for setting the environment for a user who uses bash.

    The steps to change Session Manager's login shell to bash are in that linked knowledge document, or you could just run bash from the command line to launch a new bash shell, or you could sudo su - ec2-user to become another user whose login shell is the bash shell.



Did you edit the umask value in the file below?
In my environment, the umask of the newly created user was changed by editing the following file.

sudo vi /etc/bashrc

After updating the file, you need to update it using the following command.

sudo source /etc/bashrc
profile picture
답변함 4달 전

로그인하지 않았습니다. 로그인해야 답변을 게시할 수 있습니다.

좋은 답변은 질문에 명확하게 답하고 건설적인 피드백을 제공하며 질문자의 전문적인 성장을 장려합니다.

질문 답변하기에 대한 가이드라인

관련 콘텐츠