Rehashing My File Permissions Understanding (or lack of it)

Paul Howarth paul at city-fan.org
Tue Aug 23 15:08:07 UTC 2005


Jay Paulson wrote:
> I was under the impression that changing the umask was a possible 
> security risk.  Am I correct in thinking that?

Possibly, possibly not. Using a umask of 002 instead of 022 is something 
that Red Hat/Fedora specifically cater for. What this means is that with 
a umask of 002, files are created with group write permissions by 
default, so if your default group is shared with a number of other 
people then they will be able to write to your files by default. 
However, in Red Hat/Fedora, every new user is created with their own 
group by default, which isn't shared with any other user. So enabling 
group write permission isn't a big issue. What this then lets you do is 
to create a separate group for shared data, and then everyone's default 
umask being 002 (if set that way) then makes it easy for all members to 
create and edit files with this shared groupid.

Paul.
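
The following is an added example, not part of the original message. It shows the file modes that umask 022 and 002 produce, then checks which accounts have a primary group that is not private, which is the case where umask 002 lets other people write to their files. The function names and the account data are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example; the account data written by write_sample is constructed.

# Print the permission string of a file newly created under the given umask.
mode_under_umask() {
    dir=$(mktemp -d) || return 1
    ( umask "$1" && : > "$dir/f" )   # subshell: the caller's umask is untouched
    ls -ld "$dir/f" | cut -c1-10     # first 10 chars, e.g. -rw-rw-r--
    rm -rf "$dir"
}

# Print "user:group" for each account whose primary group is not private:
# the GID is also another account's primary GID, or the group lists other members.
# $1 = passwd-format file, $2 = group-format file.
shared_primary_groups() {
    awk -F: '
        NR == FNR { name[$3] = $1; members[$3] = $4; next }  # group file first
        { count[$4]++; primary[$1] = $4; order[++n] = $1 }   # then passwd
        END {
            for (i = 1; i <= n; i++) {
                u = order[i]; g = primary[u]; shared = (count[g] > 1)
                k = split(members[g], m, ",")
                for (j = 1; j <= k; j++) if (m[j] != u) shared = 1
                if (shared) print u ":" name[g]
            }
        }' "$2" "$1"
}

# Constructed sample: alice and bob have private groups, carol and dave share
# "users" as primary group, and eve's own group has bob added as a member.
write_sample() {
    printf '%s\n' 'alice:x:1000:1000::/home/alice:/bin/bash' \
        'bob:x:1001:1001::/home/bob:/bin/bash' \
        'carol:x:1002:100::/home/carol:/bin/bash' \
        'dave:x:1003:100::/home/dave:/bin/bash' \
        'eve:x:1004:1004::/home/eve:/bin/bash' > "$1/passwd"
    printf '%s\n' 'alice:x:1000:' 'bob:x:1001:' 'users:x:100:' \
        'eve:x:1004:bob' 'project:x:2000:alice,bob' > "$1/group"
}

tmp=$(mktemp -d)
write_sample "$tmp"
echo "umask 022 -> $(mode_under_umask 022)"
echo "umask 002 -> $(mode_under_umask 002)"
echo "group-writable files under umask 002 would be shared for:"
shared_primary_groups "$tmp/passwd" "$tmp/group"
rm -rf "$tmp"
```

In the sample, alice and bob are not reported even though both belong to the shared "project" group, because that group is supplementary and their primary groups stay private.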



