On 22/11/2011, at 6:26 PM, Tanaka Akira wrote:
> 2011/11/22 Clifford Heath <clifford.heath / gmail.com>:
>> The umask that almost every Unix distribution has always had in /etc/profile - which is 022.
> /etc/profile is a configuration file for login shell.
>
> There are processes which are not started via login shell, such as
> daemons, cron jobs, etc.

and those are:

* Written by people who know what they are doing
* Old, meaning they've had time to expose any vulnerabilities
* Run in many places, which would expose any vulnerabilities
* Heavily and widely scrutinised for security defects.

All up, the non-secure system umask of these daemons has little to no bearing on the correct security defaults for a Ruby program.