NIS: set default umask

Good day to you all. Please forgive my ignorance in this matter, but
I'd like to get some clarification regarding setting the default umask
value for all Linux PCs in an NIS network.

If I edit /var/yp/Makefile and input:
UMASK = umask 022
.... will that set the default umask for all users/systems on the NIS
network?

If so, is there anything that can override this setting on a per
user/system basis?

If so, is there anything else I can do to prevent the override?

Thanks in advance. :-)

- Ken

On Mar 7, 1:09*am, Ken Teague <"kteague at pobox dot com"> wrote:
> If I edit /var/yp/Makefile and input:
> * * UMASK = umask 022
> ... will that set the default umask for all users/systems on the NIS
> network?

I'm guessing (since I don't have NIS on my machine) that that would
set the umask for the NIS files only.


> If so, is there anything that can override this setting on a per
> user/system basis?

Per system: look in /etc/profile.d and place a umask in the csh/sh
files.


> If so, is there anything else I can do to prevent the override?

If you mean preventing a user from setting their own umask? Probably
not.

Paul

Paul Black wrote:
> I'm guessing (since I don't have NIS on my machine) that that would
> set the umask for the NIS files only.

Gah! That's not what I want. :-( Maybe I should elaborate on my
problem in more detail.

We've got a NetApp filer that is exporting NFS and CIFS and the PC's
that are accessing them are Windows and Linux systems. When a user on a
Linux system creates a new file or directory, the umask is 002 and, as
such, it's not accessible from a Windows box due to the permissions that
are set on it.

Previously, all of these files were on a Linux box running Samba, and
they were owned by, say, userX:userX, and the permissions were set to
rwx for user and group (umask 022). Just to make things easy (and the
same as before), we'd like to make the default umask 022, and this
includes any new Linux boxes that are introduced into the environment.
Of course, setting this on each and every box is a pain. Also, if we
forget to set that, it could lead to a lot of files being owned by an
improper user:group and would be more of a pain to fix the problem it
created.

What is an elegant way to ensure all hosts (current and new) have a
default umask of 022?


>> If so, is there anything else I can do to prevent the override?
>
> If you mean preventing a user from setting their own umask? Probably
> not.

I was aiming more toward a local config file on the host PC overriding
what we may be able to set the umask to via NIS (hope that makes sense
:-). Again, using the "I forgot to modify the umask on this new PC"
scenario.

Thanks for the input, Paul.

- Ken

On Mar 7, 7:02*am, Ken Teague <"kteague at pobox dot com"> wrote:
> We've got a NetApp filer that is exporting NFS and CIFS and the PC's
> that are accessing them are Windows and Linux systems. *When a user on a
> Linux system creates a new file or directory, the umask is 002 and, as
> such, it's not accessible from a Windows box due to the permissions that
> are set on it.

I don't follow that. I've just tried it at work and it's fine.

I'm a little puzzled as what you're after seems to be a umask that
turns off more permissions than the current setup so I don't yet
understand why the file would be inaccessible for the more lax case.


> Also, if we
> forget to set that, it could lead to a lot of files being owned by an
> improper user:group and would be more of a pain to fix the problem it
> created.

Where would this "improper" user:group would come from?

Is it the same user name accessing via CIFS and NFS? (Or at least a
CIFS user name mapped to the local user).

Paul

Paul Black wrote:
> On Mar 7, 7:02 am, Ken Teague <"kteague at pobox dot com"> wrote:
>> When a user on a Linux system creates a new file or directory, the umask is 002 and, as
>> such, it's not accessible from a Windows box due to the permissions that
>> are set on it.
>
> I don't follow that. I've just tried it at work and it's fine.

Sorry, I got my umask mixed up above. I meant to say 022. So, on the
Linux side, when they create a new file or directory with a umask of
022, only the user has access to it -- the group does not. On the
Windows side, they need it to have group permission assigned to it as
well in order to access said file.


> I'm a little puzzled as what you're after seems to be a umask that
> turns off more permissions than the current setup so I don't yet
> understand why the file would be inaccessible for the more lax case.

We need a way to set the default umask to 002 on all current and new PCs
to 002, either through NIS or some configuration option that can be set
on the NetApp filer to override the umask defined on the PCs.

- Ken