umask?

Rick Stevens rstevens at vitalstream.com
Tue Aug 23 21:46:16 UTC 2005


akonstam at trinity.edu wrote:
> On Tue, Aug 23, 2005 at 11:37:30AM -0500, Jay Paulson wrote:
> 
>>I have been messing around with file permissions on my SuSE box and 
>>found that the umask needs to be changed in order for files that are 
>>created in a directory to have group writable permission on them, 
>>otherwise they are set to not writable for the group.  However, in my 
>>search to find an explanation of how umask works with all the different 
>>ways you can set it (022, 002, 0022, 0002, and more I'm sure) I haven't 
>>found anything that really explains what it does.  Therefore, I'm a 
>>little bit lost on what to do.
>>
>>Can anyone point me to a good resource for umask?
>>
>>When you set the umask can you set it for a certain directory and its 
>>subdirectories or is it system wide?
>>
>>Are there any security risks for setting the umask to 002? (Whatever 
>>that actually does :-] )
>>
>>Thanks for any help!
>>jay
> 
> umask is part of the shell. The umask says that the maximum
> permission that a file created in a directory can have is the 8s
> complement of the umask argument.
> Examples: umask 000 -> file can have any permissions up to 777
>           umask 022 -> files can not be more secure than 755 or
>                        if you don't do anything special the files
>                        will be 755.

That should be "...files can not be more _permissive_ than 755...".

Technically, the desired permissions are ANDed with the one's complement
of the umask.  The easier way to think of it is to subtract the umask
from the permissions you're trying to set up.

> -- Now if the argument has four digits such as 0022  as far as I can
> tell that has to be 0. There once was a use for it but it seems to
> have evaporated. I am not certain about this 

In the four-digit thing, the first digit is for the SUID (set user ID,
value 4), SGID (set group ID, value 2) and "sticky" (keep executable
image in memory if possible, value 1) bits.  You can't set the first
digit in umask, but you can in chmod.

> Let me restate this using the words of Unix System Administrators
> Handbook by E. Nemeth, et al.
> 
> The umask argument is a 3 digit octal code that represents the
> permissions to take away. 022 takes the w permission away from group
> and world. When a file is created the permissions are set to whatever
> the creating permissions asks for minus whatever umask forbids.
> Maybe this is a clearer way to explain this.
----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer     rstevens at vitalstream.com -
- VitalStream, Inc.                       http://www.vitalstream.com -
-                                                                    -
-           Fear is finding a ".vbs" script in your Inbox            -
----------------------------------------------------------------------
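
Added example (not part of the original thread): the AND-with-complement rule from the reply above, checked against a file and a directory actually created under several umasks, next to the result of plain subtraction. Function names are illustrative; it assumes a POSIX system and a temporary directory with no default ACLs.

```python
import os
import tempfile

def effective_mode(requested, mask):
    """Mode granted at creation: requested AND one's complement of umask."""
    return requested & ~mask & 0o777

def subtracted(requested, mask):
    """The arithmetic shortcut; agrees with effective_mode() only when
    every bit in the mask is also set in the request."""
    return requested - mask

def create_under_umask(mask):
    """Create a file (requesting 0666) and a directory (requesting 0777)
    under `mask`; return the permission bits found on disk."""
    old = os.umask(mask)  # per-process setting, inherited by child processes
    try:
        with tempfile.TemporaryDirectory() as tmp:
            fpath = os.path.join(tmp, "file")
            dpath = os.path.join(tmp, "dir")
            os.close(os.open(fpath, os.O_CREAT | os.O_WRONLY, 0o666))
            os.mkdir(dpath, 0o777)
            return (os.stat(fpath).st_mode & 0o777,
                    os.stat(dpath).st_mode & 0o777)
    finally:
        os.umask(old)  # restore the caller's umask

if __name__ == "__main__":
    print("umask  file  dir   0666-umask")
    for mask in (0o022, 0o002, 0o027, 0o077):  # constructed sample values
        fmode, dmode = create_under_umask(mask)
        assert fmode == effective_mode(0o666, mask)
        assert dmode == effective_mode(0o777, mask)
        print(f"{mask:04o}   {fmode:04o}  {dmode:04o}  {subtracted(0o666, mask):04o}")
```

With umask 002 the file comes out 0664 and the directory 0775, i.e. group-writable; with 027 and 077 the last column no longer matches the file column.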