Set umask for remote commands

Question

How can I direct processes started on remote machines via ssh to run with a certain umask? I want this to apply to commands run as part of standard Capistrano recipes too, so I can't just make an explicit call to "umask" part of the command.

It does not appear that ~/.bash_profile on the remote machine is read, with the way that Capistrano invokes remote commands.

score 3 · Accepted Answer · answered Mar 31 '15 at 16:36

3

I was confronted to the same issue and got around it by using the then-undocumented SSHKit.config.umask in config/deploy.rb. Note that this will set the umask for every ssh command.

answered Mar 31 '15 at 16:36

beauby

550
3
11

1

Just a note to say this doesn't work if you use the `execute('some command')` syntax, you have to use `execute(:some, 'command')` so that it is in interpreted via the [command map](https://github.com/capistrano/sshkit#the-command-map) – robd Apr 09 '15 at 16:02
This works only for Capistrano 3. Capistrano 2 doesn't use SSHKit. – Julian Mehnle Mar 03 '16 at 19:46

score 2 · Answer 2 · answered Mar 04 '14 at 15:01

2

Put umask 0002 in the .bashrc of the user account you use to deploy.

answered Mar 04 '14 at 15:01

Alain Beauvois

5,896
3
44
26

This works. i had my umash in my deploy user's .bash_profile file but realized for a passwordless ssh user this profile file seems to be not used and .bashrc does – armyofda12mnkeys Mar 26 '18 at 15:52

score 0 · Answer 3 · edited May 23 '17 at 10:30

0

Agreed with Alain--set the umask in your .bashrc instead of .bash_profile. When deploying with Capistrano in a typical setup, your .bash_profile isn't loaded by default. Reading up on the difference between .bashrc and .bash_profile will help in understanding the purposes of the two. I have environment variables set in my .bashrc file and they are certainly used when I deploy or for running any other commands with capistrano.

Another option is to create a task to set your umask value before you begin creating files on deploy. For example, in Cap 3, you can use this:

task :set_umask do
  on roles(:all) do |host|
    execute "umask 0002"
  end
end
before "deploy:starting", "set_umask"

edited May 23 '17 at 10:30

Community

1
1

answered Apr 29 '14 at 18:38

alkalinecoffee

1,003
8
20

4

Your capistrano-based solution does not seem to work. However, setting SSHKit.config.umask = "0002" in config/deploy.rb does the trick. – beauby May 23 '14 at 01:56
1

@beauby oh god and this is not documented **anywhere**. Care to make this an answer? – Felix Frank Mar 12 '15 at 15:36
@FelixFrank: Yeah, I remember having a hard time finding it... Done! – beauby Mar 31 '15 at 16:36

score 0 · Answer 4 · answered Mar 03 '16 at 20:35

@beauby's answer using SSHKit is good, but it works only for Capistrano 3 as Capistrano 2 doesn't use SSHKit.

A common problem in relation to umask and Capistrano is that bundle install installs gems with permissions that are too restrictive. For this specific issue, the solution I've found for Capistrano 2 is to say:

namespace :bundle do
  task :postinstall do
    run "chmod -R u=rwX,go=rX #{bundle_dir}"
  end
end

after 'bundle:install', 'bundle:postinstall'

Set umask for remote commands

4 Answers4