sudo and umask 077 2014-01-07 22:28:52


I prefer to set my umask to 077 so no one can read my files. For the most part, using sudo (which inherits the umask) works just fine. Except when using e.g. vim sudo where it make sense to respect the umask, I hadn't run into trouble. Until now.

It seems sudo update-alternatives results in /var/lib/dpkg/alternatives/* no longer being readable by anyone but root, which is not quite what I intended. So I had to figure out how to make sudo play nice with umask without setting a default umask in the sudoers file.

The solution I came up with: umask 022 in ~root/.profile and using sudo -i when I don't want my user's umask to be used.

- Felix