[sudo-users] Sudoedit umask confusion

asymptosis asymptosis at posteo.net
Wed Sep 11 13:39:27 MDT 2019


Hi all,

My regular user account has a restrictive umask (077). When I create files
with sudoedit or `sudo -e`, it is usually config files under /etc, and so I
want those files to have 0644 permissions.

To enforce this, I have the following stanza in /etc/sudoers:

Defaults umask_override
Defaults umask=0022

This works correctly for regular sudo commands, for example:

$ sudo touch /etc/my-cool-config.conf
$ ls -l /etc/my-cool-config.conf
-rw-r--r-- 1 root root 0 Sep 12 05:06 /etc/my-cool-config.conf

However, sudoedit keeps inheriting 077:

$ sudoedit /etc/some-other-config.conf
$ ls -l /etc/some-other-config.conf
-rw------- 1 root root 0 Sep 12 05:08 /etc/some-other-config.conf

Cringing, I tried `sudo $EDITOR` instead of sudoedit. It does behave in the
way I would prefer:

$ sudo rm /etc/some-other-config.conf
$ sudo vim /etc/some-other-config.conf
$ ls -l /etc/some-other-config.conf
-rw-r--r-- 1 root root 0 Sep 12 05:28 /etc/some-other-config.conf

I've tested this on both Arch Linux and Void Linux. I've also tried varying
the editor. It is the same behaviour whether using vim, vi or nano. A web
search did not find anyone who had similar problems in the past.

Is it working as designed? Is there a way to make sudoedit use a more
permissive umask, consistent with my sudoers config?
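
The following is an added example, not part of the original post. It reproduces the two modes shown in the listings above (600 under umask 077, 644 under umask 0022) in a temporary directory and lists files that came out more restrictive than intended. The function names and file names are hypothetical, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example. All paths are constructed and live in a temporary directory;
# nothing under /etc is touched. Assumes GNU stat (stat -c).

# Mode a new regular file receives under umask $1: 0666 & ~umask, in octal.
expected_mode() {
    printf '%o\n' $(( 0666 & ~0$1 & 0777 ))
}

# Create file $2 under umask $1 (subshell, so the caller's umask is unchanged)
# and print the mode it ended up with.
created_mode() {
    ( umask "$1" && : > "$2" ) && stat -c '%a' "$2"
}

# Print regular files below directory $1 that lack any permission bit of
# mode $2, e.g. config files left at 600 where 644 was intended.
audit_dir() {
    find "$1" -type f ! -perm -"$2"
}

demo() {
    dir=$(mktemp -d) || return 1
    for mask in 077 0022; do
        printf 'umask %s: expected %s, got %s\n' "$mask" \
            "$(expected_mode "$mask")" \
            "$(created_mode "$mask" "$dir/created-under-$mask.conf")"
    done
    echo "files missing bits from 644:"
    audit_dir "$dir" 644
    rm -rf "$dir"
}

demo
```

Pointing `audit_dir` at a real configuration directory will also list files that are meant to be private, so its output is a list to review, not a list to chmod.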

