Ways to set umask on Ubuntu for daemon processes

Create a .profile file in the daemon's home directory:

#!/bin/sh
umask 002

You can find the daemon's home directory by running:

getent passwd daemon | awk -F':' '{ print $6; }'

If that doesn't work, the only other solution I can think of would be to edit the /etc/init.d script.

On Ubuntu 10.04 global default umask settings can be controlled with the pam_umask module.

Some details were found on this blog related to Debian in general: http://muzso.hu/2008/01/22/default-permissions-with-libpam-umask

The pam_umask module is installed by default on Ubuntu 10.04, but needs to be configured.

Edit /etc/pam.d/common-session, adding the line:

session optional pam_umask.so umask=022

Then per user settings can be changed by running the command:

sudo chfn -o "umask=002" daemon_username

to add a umask setting to the GECOS field in /etc/passwd.

This only works for non-interactive, non-login shells such as when a daemon startup script is run at boot.

For login shells umask settings need to be removed from other shell configuration files such as /etc/profile, /etc/login.defs, or users home directory .profile, .bashrc, etc. Otherwise the pam_umask settings are overridden. See the pam_umask man page for the configuration order.

If the service is started via the tool "start-stop-daemon" the umask can be specified at command line level with the parameter "--umask" e.g:

log_daemon_msg "Starting $DESC" "$NAME"
if start-stop-daemon --start --oknodo --exec $DAEMON -b --chuid motion --umask 002 ; then
        log_end_msg 0
    else
        log_end_msg 1
        RET=1
    fi

Adjusting the start-script to read such details from an configuration file might be more transparent than adding user based settings - this of course depends on the startup procedure used for the daemon.

More information can be retrieved from the man-Page: man start-stop-daemon