| View previous topic :: View next topic |
| Author |
Message |
nagmat84
Apprentice
Joined: 27 Mar 2007
Posts: 262
|
 Posted: Sun Jun 09, 2024 8:40 am Post subject: How to set umask with pam_umask for KDE 5? |
 |
|
How do I set the umask via pam_umask such that it affects both console and Plasma/KDE 5 sessions?
I have a several users each with their own user groups and a common group (e.g. family) which is the owning group of shared directory with setgid flag enabled. I want files and subdirectories in that directory to be created group-writable. Hence, I want to set the umask for those user to 007. (022 seems to be the default.)
I started with a fresh Gentoo installation, hence /etc/login.defs was the only place with a umask-related setting. No other scrips (profile, bashrc, etc.) changed umask. I tried several approaches. None did really succeed. I finally found a "hackish" solution which I do not like and which has some drawbacks.
1st attempt: pam_unix.so - preferred but not working
As my first attempt, I added | Code: | | session optional pam_umask.so usergroups |
to /etc/pam.d/system-login and called chfn -o umask=007 <uid> for each relevant user. I wanted to keep UMASK=022 in /etc/login.defs as the fallback default and only overwrite the umask on a per-user basis via /etc/passwd. This attempt did not work for KDE5. If a user created a new file via the KDE5 GUI (e.g. right mouse click in Dolphin follwed by new file, or saved a new file via a KDE application), the file was still created with umask 022.
2nd attempt: global setting in /etc/login.defs - no tworking either
For test purposes my second attempt was to change UMASK in /etc/login.defs to 007 directly, just to check whether KDE5 honors the setting at all. No luck with that either. A KDE5 session still used 022.
3rd attempt: tweaking various scripts in home directories - not preferred, and not working either
My third attempt was to twiddle with the following files directly ~/.bashrc, ~/.profile and ~/.xprofile. As expected, the first two only affected CLI sessions. ~/.xprofile had no effect at all. It seems it was used by KDE 4, but not KDE 5.
4th attempt: nasty working around with SystemD, working but ugly
The only working solution I was able to find is SuperUser: Change default umask for KDE. I created /etc/systemd/user/plasma-plasmashell.service.d/override.conf with | Code: | [Service]
UMask=0007 |
The explanation in that answer makes a lot of sense to me: the Plasma shell is directly started by systemd and all KDE applications inherit the umask setting of that Plasma shell. On startup, the service neither honors PAM settings nor any script file.
While this solution (temporarily) achieved what I wanted, I don't like the solution. It is rather convoluted and it modifies the umask on a global level for all KDE sessions and all users. It does not allow to set the umask on a per-user basis. |
|
| Back to top |
|
 |
nagmat84
Apprentice
Joined: 27 Mar 2007
Posts: 262
|
| Posted: Mon Jun 10, 2024 6:13 pm Post subject: |
|
|
I solved the problem. The PAM configuration /etc/pam.d/system-login is not included by /etc/pam.d/systemd-user and /etc/pam.d/sddm-greeter. I had to add the line | Code: | | session optional pam_umask.so usergroups |
to- /etc/pam.d/system-auth, and
- /etc/pam.d/sddm-greeter
to make it work. |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Desktop Environments
