Re: umask?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The 4th value in the umask is used to identify the default setuid and
setgid permissions used on your files and directories.  (That is at
least true for UNIX)  The Unix manuals also say that you should change
the default umask value set on your system to 027, because this will
remove all the permissions from the everyone group.

The shell does simple maths to determine what permissions are used on
new files and directories that you create.

The maximum permissions that you will typically assign to a normal text
file will be -rw-rw-rw- (666) the shell will use the umask in the
following manner:

666 - (umask) 022= 644 : rw-r--r--

On a directory the maximum permissions will be drwxrwxrwx (777). The
umask is used in the following manner:

777 - (umask) 022= 755: drwxr-xr-x.

The umask is only applied to new files and directories that are created,
and can be applied system wide (for all users) or on a per-user basis.

Regards
Danie

On Tue, 2005-08-23 at 22:59, akonstam@xxxxxxxxxxx wrote:
> On Tue, Aug 23, 2005 at 11:37:30AM -0500, Jay Paulson wrote:
> > I have been messing around with file permissions on my SuSE box and 
> > found that the umask needs to be changed in order for files that are 
> > created in a directory to have group writable permission on them, 
> > otherwise they are set to not writable for the group.  However, in my 
> > search to find an explanation of how umask works with all the different 
> > ways you can set it (022, 002, 0022, 0002, and more I'm sure) I haven't 
> > found anything that really explain what it does.  Therefore, I'm a 
> > little bit lost on what to do.
> > 
> > Can anyone point me to a good resource for umask?
> > 
> > When you set the umask can you set it for a certain directory and it's 
> > sub directories or is it system wide?
> > 
> > Are there any security risks for setting the umask to 002? (Whatever 
> > that actually does :-] )
> > 
> > Thanks for any help!
> > jay
> umask is part of the shell. The umask says that the maximum
> permission that a file created in a directory can have is the 8s
> compliment of the umask argument.
> Examples: umask 000  -> file can have any  permissions up to 777
> 	  umask 022 -> files can not be more  secure than 755 or
> 	 		if you don't do anything special the files
> 			will be 755.
> -- Now if the argument has four digits such as 0022  as far as I can
> tell that has to be 0. There once was a use for it but it seems to
> have evaporated. I am not certain about this 
> 
> Let me restate this using the words of Unix System Administrators
> Handbook By E. Nemeth , et al
> 
> The umask argument is a 3 digit octal code that represents the
> permissions to take away. 022 takes the w permission away from group
> and world. When a file is created the permissions are set to whatever
> the creating permissions asks for minus whatever umask forbids.
> Maybe this is a clearer way to explain this.
> 
> =======================================================================
> Deprive a mirror of its silver and even the Czar won't see his face.
> -------------------------------------------
> Aaron Konstam
> Computer Science
> Trinity University
> telephone: (210)-999-7484
> 
> -- 
> fedora-list mailing list
> fedora-list@xxxxxxxxxx
> To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
-- 
         ______          
    	/_____/\         DANIE THOM
       /____ \\ \        Sun Java ES
      /_____\ \\ /       Training and Course Development
     /_____/ \/ / /      
    /_____/ /   \//\     Global Customer Services SEE Region
    \_____\//\   / /     Technical Development Centre
     \_____/ / /\ /      South Africa
      \_____/ \\ \       
       \_____\ \\        Switchboard:   +2711-8055900
        \_____\/         Fax:           +2711-8055905
                         Mobile:        +2783-280512
         GLOBAL          E-Mail:        danie.thom@xxxxxxx
        CUSTOMER         Working Week:  Mondays through Fridays
        SERVICES         Office Hours:  08h00 - 17h00 (GMT+2)


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux