Mark Sargent wrote:
Paul Howarth wrote:
Jay Paulson wrote:
I was under the impression that changing the umask was a possible
security risk. Am I correct in thinking that?
Possibly, possibly not. Using a umask of 002 instead of 022 is
something that Red Hat/Fedora specifically cater for. What this means
is that with a umask of 002, files are created with group write
permissions by default, so if your default group is shared with a
number of other people then they will be able to write to your files
by default. However, in Red Hat/Fedora, every new user is created with
their own group by default, which isn't shared with any other user. So
enabling group write permission isn't a big issue. What this then lets
you do is to create a separate group for shared data, and then
everyone's default umask being 002 (if set that way) then makes it
easy for all members to create and edit files with this shared groupid.
Paul.
Hi All,
so, in theory, if there were a way to set a umask specifically for a
certain group, it'd be great. For example, when user xman, who is a
member of say, share2 group, creates a new file in a particular dir, the
new file would be writable by all within that same group. Would that
just make things too messy, OR, am I just not getting it? Cheers.
You're right that this would be great, but unfortunately I don't know of
any way of implementing it.
Well, actually that's not quite true. Using samba you can do things like
this by forcing permissions and uids/gids. But for access to local files
and directories, I don't know of a way of doing this in a
directory-specific way.
Do note though that if your users all have their own groups, as is the
default in Red Hat/Fedora, you should be safe to set the umask to 002
for all users. If you then create a directory /path/to/dir and do:
# chgrp share2 /path/to/dir
# chmod g+s /path/to/dir
then any files/directories created in that directory should get the
right group ID and permissions.
Paul.
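
A way to check that a directory prepared with chmod g+s behaves as described in the message above, added here as an example and not part of the original thread. The helper names (gid_of, group_writable, probe_shared_dir, demo_shared_dir) are hypothetical, and the demo uses a scratch directory that keeps the caller's own group instead of share2 so that it runs without root.

```shell
#!/bin/sh
# Added example: probe how new files come out in a shared directory
# for a given umask. Helper names are illustrative, not standard tools.

# Print the numeric gid of a path (4th field of "ls -ldn").
gid_of() { ls -ldn "$1" | awk '{print $4}'; }

# Print "yes" if the path has the group write bit set, else "no".
group_writable() {
    case "$(ls -ldn "$1" | cut -c6)" in
        w) echo yes ;;
        *) echo no ;;
    esac
}

# probe_shared_dir DIR UMASK
# Creates a scratch file in DIR under UMASK (in a subshell, so the caller's
# umask is untouched) and prints three yes/no answers:
#   <dir is setgid> <file got the dir's group> <file is group-writable>
probe_shared_dir() {
    dir=$1 mask=$2
    probe="$dir/.umask-probe.$$"
    ( umask "$mask" && : > "$probe" ) || return 1
    if [ -g "$dir" ]; then sg=yes; else sg=no; fi
    if [ "$(gid_of "$probe")" = "$(gid_of "$dir")" ]; then inh=yes; else inh=no; fi
    gw=$(group_writable "$probe")
    rm -f "$probe"
    echo "$sg $inh $gw"
}

# Demo on a constructed scratch directory. On a real system the directory
# would first be given to the shared group: chgrp share2 /path/to/dir
demo_shared_dir() {
    scratch=$(mktemp -d) || return 1
    chmod g+ws "$scratch"
    echo "umask 002: $(probe_shared_dir "$scratch" 002)"
    echo "umask 022: $(probe_shared_dir "$scratch" 022)"
    rm -rf "$scratch"
}

demo_shared_dir
```

With umask 022 the file still picks up the directory's group but lacks group write, which is why the thread pairs the setgid directory with a umask of 002.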