
This is a response to Aaron Toponce’s blog post about a better default for umask.
The most secure umask is 077 which will give newly created files the default permissions of rw------- and will give newly created directories the default permissions of rwx------. If a user needs a file to be readable for others he can simply change the permissions of such a file. This assumes a user understands how to change the permissions of a file.
The easiest umask for new users is 022 which will give newly created files the default permissions of rw-r--r-- and will give newly created directories the default permissions of rwxr-xr-x. This umask is easier for the user because the user doesn’t have to play with permissions to make a file available for reading to others. This assumes a user understands his files can be read by other users so he needs to trust his fellow users.
The most sensible umask for new users is 022, while the most sensible umask for experienced users is 077. Experienced users are likely to be able to change permissions of files and are likely to be able to change the default umask. Ubuntu attracts all kinds of users, including users without any experience with Linux. Ubuntu should care about new users, which is why in my humble opinion the default umask for Ubuntu should be 022 (which it is). Since Debian users are more likely to be experienced users, the default umask for Debian should be 077 in my humble opinion.
In my humble opinion experienced users should change the default umask to 077. You can change the system-wide default umask in /etc/profile. Users can override the system-wide default umask in their ~/.bash_profile. (Via luKas’ shared items in Google Reader.)
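The script below is an added example, not part of the original post. It creates a file and a directory under each of the two umasks discussed above and prints the resulting permissions, then shows that switching to 077 does not tighten files that were created earlier under 022. The function names and the scratch directories are constructed for the illustration.

```shell
#!/bin/sh
# Added example (not from the original post): observe what a umask does.

# mode_under UMASK f|d
# Create a file (f) or directory (d) in a scratch directory with the given
# umask and print its permission string, e.g. "rw-------".
mode_under() {
    (
        scratch=$(mktemp -d) || exit 1
        umask "$1"
        if [ "$2" = d ]; then
            mkdir "$scratch/new"
        else
            : > "$scratch/new"
        fi
        ls -ld "$scratch/new" | cut -c2-10
        rm -rf "$scratch"
    )
}

# still_exposed DIR
# List entries under DIR that group or others can read. A umask only
# applies when something is created, so files made under 022 show up
# here even after the umask has been switched to 077.
still_exposed() {
    find "$1" ! -type l \( -perm -040 -o -perm -004 \) -print
}

# Demonstration on constructed scratch data.
demo() {
    for mask in 022 077; do
        echo "umask $mask: file $(mode_under "$mask" f), dir $(mode_under "$mask" d)"
    done
    home=$(mktemp -d)    # constructed stand-in for a home directory
    ( umask 022; echo draft > "$home/old-notes" )
    ( umask 077; echo draft > "$home/new-notes" )
    echo "readable by group/others after the switch:"
    still_exposed "$home"
    rm -rf "$home"
}

demo
```

After moving to 077, running still_exposed on the real home directory gives the list of older files whose permissions still need changing by hand.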