Hi, Em Ter, 2005-08-23 às 11:37 -0500, Jay Paulson escreveu: > I have been messing around with file permissions on my SuSE box and > found that the umask needs to be changed in order for files that are > created in a directory to have group writable permission on them, > otherwise they are set to not writable for the group. However, in my > search to find an explanation of how umask works with all the different > ways you can set it (022, 002, 0022, 0002, and more I'm sure) I haven't > found anything that really explain what it does. Therefore, I'm a > little bit lost on what to do. > > Can anyone point me to a good resource for umask? > > When you set the umask can you set it for a certain directory and it's > sub directories or is it system wide? > > Are there any security risks for setting the umask to 002? (Whatever > that actually does :-] ) umask is set for each user environment. Every file that user creates, in any directory, will have it's permissions affected by the umask you have set. You can set it manually after logon or you can put the umask command in ~/.bashrc file for an user (assuming you're using the bash shell). You can set it to all users or for groups of users editing /etc/bashrc (in FC - don't know in SuSE). Depending on what you want to do, it may be possible to configure users access for files created in a given directory by setting the SGID bit of the directory, changing the group associated with the directory and configuring the appropriate umask and group membership for the users. As for how umask values are used, it's simple: the permissions that would be assigned to a file or directory when it's created are combined with the umask value in a AND-NOT logical operation (default value AND NOT umask value). Default permission value for directories is 777 and for files is 666 (there are exceptions: executable files generated by compilers often use 777 as default permission value. It depends on the application that created the file). For example, if you create a text file (default permission is 666) and the umask for this user is 037, resulting permission will be 640 (666 AND (NOT 037)). To easily calculate the umask that must be used to get a desired result, simply set in umask every bit you want to reset in default permission and reset in umask every bit you don't want to change in default permission. []'s Marcelo
