On Tue, Aug 23, 2005 at 11:37:30AM -0500, Jay Paulson wrote: > I have been messing around with file permissions on my SuSE box and > found that the umask needs to be changed in order for files that are > created in a directory to have group writable permission on them, > otherwise they are set to not writable for the group. However, in my > search to find an explanation of how umask works with all the different > ways you can set it (022, 002, 0022, 0002, and more I'm sure) I haven't > found anything that really explain what it does. Therefore, I'm a > little bit lost on what to do. > > Can anyone point me to a good resource for umask? > > When you set the umask can you set it for a certain directory and it's > sub directories or is it system wide? > > Are there any security risks for setting the umask to 002? (Whatever > that actually does :-] ) > > Thanks for any help! > jay umask is part of the shell. The umask says that the maximum permission that a file created in a directory can have is the 8s compliment of the umask argument. Examples: umask 000 -> file can have any permissions up to 777 umask 022 -> files can not be more secure than 755 or if you don't do anything special the files will be 755. -- Now if the argument has four digits such as 0022 as far as I can tell that has to be 0. There once was a use for it but it seems to have evaporated. I am not certain about this Let me restate this using the words of Unix System Administrators Handbook By E. Nemeth , et al The umask argument is a 3 digit octal code that represents the permissions to take away. 022 takes the w permission away from group and world. When a file is created the permissions are set to whatever the creating permissions asks for minus whatever umask forbids. Maybe this is a clearer way to explain this. ======================================================================= Deprive a mirror of its silver and even the Czar won't see his face. ------------------------------------------- Aaron Konstam Computer Science Trinity University telephone: (210)-999-7484