Finally, user files are often created world-readable by default. That
probably isn't the expectation of your users, and it certainly isn't the
best policy. You should set the default umask in /etc/profile using
something like the following:
if [ "$UID" = 0 ]; then
# root user; set world-readable by default so that
# installed files can be read by normal users.
umask 022
else
# make user files secure unless they explicitly open them
# for reading by other users
umask 077
fi
You should consult the umask(2) and bash(1) man pages for
more information on setting the umask. Note that the umask(2) man
page refers to the C function, but the information it contains applies to
the bash command as well. See Part 3 of the LPI 101 series for additional details on umask.