April 11, 2011

Getting the umask of a running process

Sometimes you may need to find out the umask a process will use to write to the filesystem - in a Linux environment - but you can not afford to shut down the process - let’s say it is in production at the moment.

Doing this isn’t as trivial as you would expect, as the /proc filesystem doesn’t offer any information about this. The easiest way I have found is to attach gdb to the running process and calling umask to get the information. We will use the SSH daemon as example:

First find the PID (process ID) of the daemon:

ps -ef | grep sshd
root      1083     1  0 21:24 ?        00:00:00 /usr/sbin/sshd -D

Install gdb using your favorite package manager (or compile it) if you don’t have it and attach gdb to the running process:

gdp --pid=1083

You will be presented with the debugger’s shell in which you can call system functions. we need to call the umask function to get what we need:

(gdb) call umask(0)
$1 = 18

This sets the umask of the running process to 0 but also returns at the prompt the previous value of the umask. The returned value - 18 in our case - is the umask represented in the decimal system. Because in userspace we use the octal system to represent umasks you need to convert it to octal. So fire up your favorite calculator and convert it from decimal to octal. 18 translates to 22 in octal, meaning our running process has a umask of 022. That means that the process will write files with 644 as permissions on the filesystem.

Now that you found out what the umask was, set it back:

(gdb) call umask(18)
$2 = 0

Type quit to detach gdb from the process.