From 60bcb45927f18de637c3c9d5d7cc13f0c974523c Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Mon, 14 Sep 2020 11:03:59 +0200 Subject: [PATCH] man: rework UMask= explanation Mention the JSON user record stuff. Mention pam_umask explicitly. Mention that UMask= of the per-user user@.service instance can be used too. Fixes: #16963 --- man/systemd.exec.xml | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml index d2279a9b9a..8be6a1aadd 100644 --- a/man/systemd.exec.xml +++ b/man/systemd.exec.xml @@ -863,12 +863,17 @@ CapabilityBoundingSet=~CAP_B CAP_C Controls the file mode creation mask. Takes an access mode in octal notation. See umask2 for - details. Defaults to 0022 for system units. For units of the user service manager the default value - is inherited from the user instance (whose default is inherited from the system service manager, and - thus also is 0022). Hence changing the default value of a user instance, either via - UMask= or via a PAM module, will affect the user instance itself and all user - units started by the user instance unless a user unit has specified its own - UMask=. + details. Defaults to 0022 for system units. For user units the default value is inherited from the + per-user service manager (whose default is in turn inherited from the system service manager, and + thus typically also is 0022 — unless overriden by a PAM module). In order to change the per-user mask + for all user services, consider setting the UMask= setting of the user's + user@.service system service instance. The per-user umask may also be set via + the umask field of a user's JSON User + Record (for users managed by + systemd-homed.service8 + this field may be controlled via homectl --umask=). It may also be set via a PAM + module, such as pam_umask8.