You want to make sure you are using a secure umask.
Use the bash built-in umask to set a known good state at the beginning of every script:
    # Set a sane/secure umask variable and use it
    # Note this does not affect files already redirected on the command line
    # 002 results in 0775 perms for directories (0664 for files),
    # 077 results in 0700 perms for directories (0600 for files), etc...
    UMASK=002
    umask "$UMASK"
We set the $UMASK variable in case we need to use different masks elsewhere in the program.
You could just as easily do without it; it’s not a big deal.
    # Run a new shell so you don't affect your current environment
    /tmp$ bash

    # Check the current settings
    /tmp$ touch um_current

    # Check some other settings
    /tmp$ umask 000 ; touch um_000
    /tmp$ umask 022 ; touch um_022
    /tmp$ umask 077 ; touch um_077

    /tmp$ ls -l um_*
    -rw-rw-rw- 1 jp jp 0 Jul 22 06:05 um_000
    -rw-r--r-- 1 jp jp 0 Jul 22 06:05 um_022
    -rw------- 1 jp jp 0 Jul 22 06:05 um_077
    -rw-rw-r-- 1 jp jp 0 Jul 22 06:05 um_current

    # Clean up and exit the sub-shell
    /tmp$ rm um_*
    /tmp$ exit
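The following is an added example, not part of the original text. It shows the file and directory modes each umask produces, and demonstrates the caveat that a file redirected on the command line is created under the caller's umask rather than the script's. The helper names are hypothetical, and everything is created in a throwaway `mktemp` directory.

```bash
#!/usr/bin/env bash
# Added example; perm_string, modes_under_umask and redirect_caveat are
# hypothetical helper names, and all files live in a throwaway mktemp dir.

# Print the 10-character mode string (e.g. -rw-r--r--) for a path.
perm_string() {
    ls -ld -- "$1" | cut -c1-10
}

# Create one file and one directory under the given umask and print both
# mode strings. The subshell keeps the caller's own umask untouched.
modes_under_umask() {
    (
        work=$(mktemp -d) || exit 1
        umask "$1"
        touch "$work/file"
        mkdir "$work/dir"
        printf '%s %s\n' "$(perm_string "$work/file")" "$(perm_string "$work/dir")"
        rm -rf "$work"
    )
}

# The redirection caveat: "outer" is created by the calling shell (umask 022)
# before the inner script runs its own umask 077, so only "inner" is private.
redirect_caveat() {
    (
        work=$(mktemp -d) || exit 1
        cd "$work" || exit 1
        umask 022
        sh -c 'umask 077; echo data > inner' > outer
        printf '%s %s\n' "$(perm_string outer)" "$(perm_string inner)"
        cd / && rm -rf "$work"
    )
}

for mask in 002 022 077; do
    printf 'umask %s: %s\n' "$mask" "$(modes_under_umask "$mask")"
done
printf 'redirect: %s\n' "$(redirect_caveat)"
```

If a script's output must be private, set the umask in the calling environment as well, or have the script create the output file itself after its `umask` call.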