umask

[fernandel]

I have in /etc/login.conf umask settings to 022. Is it better to have 027 or for the single desktop computer is not important.

Thank you.

 

[gpw928]

The long standing tradition is 022. I guess it came from the collegiate atmosphere at Bell Labs.

If you are worried about others snooping, then 027 makes sense. But you will then have to make a conscious effort to share...

 

[chungy]

or for the single desktop computer is not important.

This is a key statement and one that says it is mostly not important. 022 or 027 would be equally good for a single-user computer.

If you are concerned about unauthorized access, look into locking down the BIOS (so you can't boot from USB or DVD-R) and encrypting the hard disk.

 

[gpw928]

I don't think that "single desktop computer" necessarily implies "single user computer" and even if it does, stuff gets copied around to other hosts, plus there's a variety of other file sharing methods. 027 will eventually cause inconvenience, which may, or may not, be desirable.

 

[a6h]

If you are using locate(1) utility, then keep in mind that locate(1) relies on locate.updatedb(8) to be functional, which in turn runs once a week.
The locate.updatedb(8) utility uses the user 'nobody', to build the locate(1) database. Thus if directories are not readable by user 'nobody', group 'nobody' or others (world) – which is the implication of the number 7 in the 027 umask, then there's a problem. In other words, locate(1) utility won't be able to find files which are resided on directories with 750 persmission, for example.