| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261 |
- <?xml version="1.0" encoding='UTF-8'?>
- <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
- "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
- <refentry id="pam_umask">
- <refmeta>
- <refentrytitle>pam_umask</refentrytitle>
- <manvolnum>8</manvolnum>
- <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo>
- </refmeta>
- <refnamediv id="pam_umask-name">
- <refname>pam_umask</refname>
- <refpurpose>PAM module to set the file mode creation mask</refpurpose>
- </refnamediv>
- <refsynopsisdiv>
- <cmdsynopsis id="pam_umask-cmdsynopsis">
- <command>pam_umask.so</command>
- <arg choice="opt">
- debug
- </arg>
- <arg choice="opt">
- silent
- </arg>
- <arg choice="opt">
- usergroups
- </arg>
- <arg choice="opt">
- nousergroups
- </arg>
- <arg choice="opt">
- umask=<replaceable>mask</replaceable>
- </arg>
- </cmdsynopsis>
- </refsynopsisdiv>
- <refsect1 id="pam_umask-description">
- <title>DESCRIPTION</title>
- <para>
- pam_umask is a PAM module to set the file mode creation mask
- of the current environment. The umask affects the default
- permissions assigned to newly created files.
- </para>
- <para>
- The PAM module tries to get the umask value from the
- following places in the following order:
- <itemizedlist>
- <listitem>
- <para>
- umask= entry in the user's GECOS field
- </para>
- </listitem>
- <listitem>
- <para>
- umask= argument
- </para>
- </listitem>
- <listitem>
- <para>
- UMASK entry from /etc/login.defs
- </para>
- </listitem>
- <listitem>
- <para>
- UMASK= entry from /etc/default/login
- </para>
- </listitem>
- </itemizedlist>
- </para>
- <para>
- The GECOS field is split on comma ',' characters. The module
- also in addition to the umask= entry recognizes pri= entry,
- which sets the nice priority value for the session, and
- ulimit= entry, which sets the maximum size of files the processes
- in the session can create.
- </para>
- </refsect1>
- <refsect1 id="pam_umask-options">
- <title>OPTIONS</title>
- <para>
- <variablelist>
- <varlistentry>
- <term>
- <option>debug</option>
- </term>
- <listitem>
- <para>
- Print debug information.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>
- <option>silent</option>
- </term>
- <listitem>
- <para>
- Don't print informative messages.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>
- <option>usergroups</option>
- </term>
- <listitem>
- <para>
- If the user is not root and the username is the same as
- primary group name, the umask group bits are set to be the
- same as owner bits (examples: 022 -> 002, 077 -> 007).
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>
- <option>nousergroups</option>
- </term>
- <listitem>
- <para>
- This is the direct opposite of the usergroups option described above,
- which can be useful in case pam_umask has been compiled with
- usergroups enabled by default and you want to disable it at runtime.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>
- <option>umask=<replaceable>mask</replaceable></option>
- </term>
- <listitem>
- <para>
- Sets the calling process's file mode creation mask (umask)
- to <option>mask</option> & 0777. The value is interpreted
- as Octal.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </para>
- </refsect1>
- <refsect1 id="pam_umask-types">
- <title>MODULE TYPES PROVIDED</title>
- <para>
- Only the <option>session</option> type is provided.
- </para>
- </refsect1>
- <refsect1 id='pam_umask-return_values'>
- <title>RETURN VALUES</title>
- <para>
- <variablelist>
- <varlistentry>
- <term>PAM_SUCCESS</term>
- <listitem>
- <para>
- The new umask was set successfully.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_BUF_ERR</term>
- <listitem>
- <para>
- Memory buffer error.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_CONV_ERR</term>
- <listitem>
- <para>
- The conversation method supplied by the application
- failed to obtain the username.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_INCOMPLETE</term>
- <listitem>
- <para>
- The conversation method supplied by the application
- returned PAM_CONV_AGAIN.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_SERVICE_ERR</term>
- <listitem>
- <para>
- No username was given.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_USER_UNKNOWN</term>
- <listitem>
- <para>
- User not known.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </para>
- </refsect1>
- <refsect1 id='pam_umask-examples'>
- <title>EXAMPLES</title>
- <para>
- Add the following line to <filename>/etc/pam.d/login</filename> to
- set the user specific umask at login:
- <programlisting>
- session optional pam_umask.so umask=0022
- </programlisting>
- </para>
- </refsect1>
- <refsect1 id='pam_umask-see_also'>
- <title>SEE ALSO</title>
- <para>
- <citerefentry>
- <refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
- <refsect1 id='pam_umask-author'>
- <title>AUTHOR</title>
- <para>
- pam_umask was written by Thorsten Kukuk <kukuk@thkukuk.de>.
- </para>
- </refsect1>
- </refentry>
|
