How to Set a More Restrictive umask Value for Regular Users

The umask utility sets the file permission bits of user-created files. If the default umask value, 022, is not restrictive enough, set a more restrictive mask by using this procedure.

Before You Begin

You must become an administrator who is authorized to edit the skeleton files. The root role is assigned these authorizations. For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.2 .

1. View the sample files that Oracle Solaris provides for user shell defaults.

   # ls -1a /etc/skel
   .bashrc
   .profile
   local.cshrc
   local.login
   local.profile

2. Set the umask value in the /etc/skel files that you are going to assign to users.

   Choose one of the following values:

   • umask 026 – Provides moderate file protection

     (751) – r for group, x for others

   • umask 027 – Provides strict file protection

     (750) – r for group, no access for others

   • umask 077 – Provides complete file protection

     (700) – No access for group or others

See also

For more information, see the following:

• Managing User Accounts by Using the CLI in Managing User Accounts and User Environments in Oracle Solaris 11.2

• Default umask Value in Securing Files and Verifying File Integrity in Oracle Solaris 11.2

• Selected man pages include useradd(1M) and umask(1).