Jay Paulson wrote: > Fedora's default umask is set to 022. Not normally for bash, no: see later. > I need it to be set to 002 so > that different users within the same group can ftp and download the > same file(s). However, I noticed that when I set the umask to 002 it > changes it system wide! I was wondering if this was a security risk? > My network admin wants us to ssh in change the owner of the file using > the sudo chown command, download the file, then change the owner back. > I REALLY don't want to do this for every file that I want to work on. > There has to be a way to change this and I think umask is the way to do > it. The thing is I do not want to go changing the umask of the system > without knowing if it's secure or not. Short answer: Should be OK if you stick to Red Hat's default User Private Group scheme (where each user has their own default group, the home directories are set to that user's private group group, if you want multiple users in the same group you create another group for that purpose, and you use a separate shared directory with the setguid bit set to ensure that files created in that directory by default are created with the directory's group). But I'm worried about exactly what you're doing. How are you changing umask anyway? How are these files being created? You should, in any case, read http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/ref-guide/s1-users-groups-private-groups.html and / or the earlier version of that document, http://www.redhat.com/docs/manuals/linux/RHL-8.0-Manual/ref-guide/s1-users-groups-private-groups.html Note, too, that umask for bash shells is set in /etc/bashrc (at the top): if you're using Red Hat style User Private Groups, the umask should already be 002. Hope this helps, James. -- James Wilkinson | "Does exactly what it says on the tin." ... Exeter Devon UK | I've got a tin at home: it says "Open other end". E-mail address: james | It never is. @westexe.demon.co.uk | -- Humphrey Lyttelton, "I'm Sorry, I Haven't A Clue"