I disagree. Security and convenience usually do not go together; a default umask of 022 is a nice middle-term: by default you can see other user's directories and files, but you cannot *change* them.
On my laptop this is a perfectly acceptable umask. On my servers I usually force a default umask of 077 -- meaning that by *default* only the creator/owner has *any* access to files created by him/her.
As *you* want more lockdown, others would rather have less.
BTW, 'umask' is set for the session (terminal, login), not for a particular directory.
I disagree. Security and convenience usually do not go together; a default umask of 022 is a nice middle-term: by default you can see other user's directories and files, but you cannot *change* them.
On my laptop this is a perfectly acceptable umask. On my servers I usually force a default umask of 077 -- meaning that by *default* only the creator/owner has *any* access to files created by him/her.
As *you* want more lockdown, others would rather have less.
BTW, 'umask' is set for the session (terminal, login), not for a particular directory.