linux - How to set system wide umask?

Question

I am working in a lab where we are running Linux (Debian and Ubuntu). Usernames and group names are handled by NIS and yp. We have some common users that everybody has access to that run the experiments and then we each have our own users in addition there is a common group that we are all a member of.

How can I make such that all files and directories on the shared /home/ drive (NFS) is read/write(/executable) by user/group? Basically what I want is

chmod -R 664 /home
chgrp -R commongroup /home

or equivalently umask 0002.

But running the above commands only fixes the current files in the folders and umask only works for single users and has to be run every time a user logs in ie. in the .bashrc file (and will this work for changes mode via gnome?). Is there a system wide command or setting that I could use to make sure that our commongroup has write access to the common files?

Answer 1

Both Debian and Ubuntu ship with pam_umask. This allows you to configure umask in /etc/login.defs and have them apply system-wide, regardless of how a user logs in.

To enable it, you may need to add a line to /etc/pam.d/common-session reading

session optional pam_umask.so

or it may already be enabled. Then edit /etc/login.defs and change the UMASK line to

UMASK           002

(the default is 022).

Note that users may still override umask in their own ~/.profile or ~/.bashrc or similar, but (at least on new Debian and Ubuntu installations) there shouldn't be any overriding of umask in /etc/profile or /etc/bash.bashrc. (If there are, just remove them.)