umask?

akonstam at trinity.edu akonstam at trinity.edu
Tue Aug 23 20:59:49 UTC 2005 

On Tue, Aug 23, 2005 at 11:37:30AM -0500, Jay Paulson wrote:
> I have been messing around with file permissions on my SuSE box and 
> found that the umask needs to be changed in order for files that are 
> created in a directory to have group writable permission on them, 
> otherwise they are set to not writable for the group.  However, in my 
> search to find an explanation of how umask works with all the different 
> ways you can set it (022, 002, 0022, 0002, and more I'm sure) I haven't 
> found anything that really explain what it does.  Therefore, I'm a 
> little bit lost on what to do.
> 
> Can anyone point me to a good resource for umask?
> 
> When you set the umask can you set it for a certain directory and it's 
> sub directories or is it system wide?
> 
> Are there any security risks for setting the umask to 002? (Whatever 
> that actually does :-] )
> 
> Thanks for any help!
> jay
umask is part of the shell. The umask says that the maximum
permission that a file created in a directory can have is the 8s
compliment of the umask argument.
Examples: umask 000  -> file can have any  permissions up to 777
	  umask 022 -> files can not be more  secure than 755 or
	 		if you don't do anything special the files
			will be 755.
-- Now if the argument has four digits such as 0022  as far as I can
tell that has to be 0. There once was a use for it but it seems to
have evaporated. I am not certain about this 

Let me restate this using the words of Unix System Administrators
Handbook By E. Nemeth , et al

The umask argument is a 3 digit octal code that represents the
permissions to take away. 022 takes the w permission away from group
and world. When a file is created the permissions are set to whatever
the creating permissions asks for minus whatever umask forbids.
Maybe this is a clearer way to explain this.

=======================================================================
Deprive a mirror of its silver and even the Czar won't see his face.
-------------------------------------------
Aaron Konstam
Computer Science
Trinity University
telephone: (210)-999-7484

More information about the fedora-list mailing list