[sudo-users] Sudoedit umask confusion

asymptosis asymptosis at posteo.net
Wed Sep 11 13:39:27 MDT 2019

Hi all,

My regular user account has a restrictive umask (077). When I create files
with sudoedit or `sudo -e`, it is usually config files under /etc, and so I
want those files to have 0644 permissions.

To enforce this, I have the following stanza in /etc/sudoers:

Defaults umask_override
Defaults umask=0022

This works correctly for regular sudo commands, for example:

$ sudo touch /etc/my-cool-config.conf
$ ls -l /etc/my-cool-config.conf
-rw-r--r-- 1 root root 0 Sep 12 05:06 /etc/my-cool-config.conf

However, sudoedit keeps inheriting 077:

$ sudoedit /etc/some-other-config.conf
$ ls -l /etc/some-other-config.conf
-rw------- 1 root root 0 Sep 12 05:08 /etc/some-other-config.conf

Cringing, I tried `sudo $EDITOR` instead of sudoedit. It does behave in the
way I would prefer:

$ sudo rm /etc/some-other-config.conf
$ sudo vim /etc/some-other-config.conf
$ ls -l /etc/some-other-config.conf
-rw-r--r-- 1 root root 0 Sep 12 05:28 /etc/some-other-config.conf

I've tested this on both Arch Linux and Void Linux. I've also tried varying
the editor. It is the same behaviour whether using vim, vi or nano. A web
search did not find anyone who had similar problems in the past.

Is it working as designed? Is there a way to make sudoedit use a more
permissive umask, consistent with my sudoers config?

More information about the sudo-users mailing list