terrywang / vagrantboxes

Handcrafted Arch Linux Vagrant base box with :heart:

umask override in ~/.profile for root and vagrant #16

Closed l0b0 closed 5 years ago

l0b0 commented 9 years ago

On my host, where I to the best of my knowledge have never changed the umask:

```
$ sudo bash -c umask
0022
$ grep ^umask /etc/profile
umask 022
```

On the Arch Linux Vagrant box:

```
vagrant@archlinux:~$ sudo bash -c umask
0027
vagrant@archlinux:~$ grep ^umask /etc/profile
umask 022
vagrant@archlinux:~$ sudo grep ^umask /root/.profile
umask 027
```

Why is this more restrictive than normal?

terrywang commented 9 years ago

Hi @l0b0, the $HOME/.bashrc and $HOME/.profile were copied from my Arch Linux running on my netbook. It is just my long-time security best practice (10+ years).

I don't think the default value 0022 is good anyway. 0027 is ONLY moderate, which denies w for group and rwx for others.

```
$ umask
0027
$ umask -S
u=rwx,g=rx,o=
```

In short, this will ensure no other users have read/write/execute access to the files/directories created by $USER.

By using $HOME/.profile, it overrides at the per-user level; feel free to change it ;-D
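The override discussed in this thread, as an added example that is not part of the vagrantboxes repository or of either commenter's post: it finds which `umask` line wins when profile files are read in order, then creates a file and a directory under that mask to show the resulting permissions. The function names, the scratch file names and the "last `umask` line in sourcing order wins" simplification are assumptions of the example.

```shell
#!/bin/sh
# Added example; helper names and sample files are constructed for illustration.

# Print the last "umask NNN" value found across the given files, which must be
# passed in the order the login shell sources them (assumption: last one wins).
last_umask() (
    value=""
    for f in "$@"; do
        if [ -r "$f" ]; then
            line=$(grep -E '^[[:space:]]*umask[[:space:]]+[0-7]{3,4}' "$f" | tail -n 1)
            if [ -n "$line" ]; then
                value=$(printf '%s\n' "$line" | awk '{print $2}')
            fi
        fi
    done
    printf '%s\n' "$value"
)

# Create a file and a directory under the given umask in a scratch directory
# and print their permission strings as "file=... dir=...".
modes_under() (
    tmp=$(mktemp -d) || exit 1
    umask "$1"            # only affects this subshell
    touch "$tmp/f"        # files start from 666 before the mask is applied
    mkdir "$tmp/d"        # directories start from 777
    printf 'file=%s dir=%s\n' \
        "$(ls -ld "$tmp/f" | cut -c1-10)" \
        "$(ls -ld "$tmp/d" | cut -c1-10)"
    rm -rf "$tmp"
)

# Constructed stand-ins for /etc/profile and /root/.profile from the issue.
demo() (
    d=$(mktemp -d) || exit 1
    printf 'umask 022\n' > "$d/etc_profile"
    printf 'umask 027\n' > "$d/root_profile"
    m=$(last_umask "$d/etc_profile" "$d/root_profile")
    echo "per-user override wins: umask $m -> $(modes_under "$m")"
    echo "system default:         umask 022 -> $(modes_under 022)"
    rm -rf "$d"
)
demo
```

To check a real account, pass the actual profile files in sourcing order, for example `last_umask /etc/profile "$HOME/.profile"`.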