umask?

Marcelo Magno T. Sales marcelo.sales at sefaz.pe.gov.br
Wed Aug 24 15:06:28 UTC 2005


Hi,

On Tue, 2005-08-23 at 11:37 -0500, Jay Paulson wrote:
> I have been messing around with file permissions on my SuSE box and 
> found that the umask needs to be changed in order for files that are 
> created in a directory to have group writable permission on them, 
> otherwise they are set to not writable for the group.  However, in my 
> search to find an explanation of how umask works with all the different 
> ways you can set it (022, 002, 0022, 0002, and more I'm sure) I haven't 
> found anything that really explains what it does.  Therefore, I'm a 
> little bit lost on what to do.
> 
> Can anyone point me to a good resource for umask?
> 
> When you set the umask can you set it for a certain directory and its 
> subdirectories or is it system wide?
> 
> Are there any security risks for setting the umask to 002? (Whatever 
> that actually does :-] )

umask is set for each user environment. Every file that user creates, in
any directory, will have its permissions affected by the umask you have
set. You can set it manually after logon or you can put the umask
command in the ~/.bashrc file for a user (assuming you're using the bash
shell). You can set it for all users or for groups of users by
editing /etc/bashrc (in FC - don't know in SuSE). Depending on what you
want to do, it may be possible to configure users' access for files
created in a given directory by setting the SGID bit of the directory,
changing the group associated with the directory and configuring the
appropriate umask and group membership for the users.
As for how umask values are used, it's simple: the permissions that
would be assigned to a file or directory when it's created are combined
with the umask value in an AND-NOT logical operation (default value AND
NOT umask value). Default permission value for directories is 777 and
for files is 666 (there are exceptions: executable files generated by
compilers often use 777 as default permission value. It depends on the
application that created the file).
For example, if you create a text file (default permission is 666) and
the umask for this user is 037, resulting permission will be 640 (666
AND (NOT 037)).
To easily calculate the umask that must be used to get a desired result,
simply set in umask every bit you want to reset in default permission
and reset in umask every bit you don't want to change in default
permission.

[]'s
Marcelo
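
The AND-NOT rule from the reply above, as an added example that is not part of the original message: it computes the resulting mode for the umask values mentioned in the thread and checks each against a file and a directory actually created under that umask. The function names apply_umask and created_mode are made up for this example, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example (not from the original message).
# apply_umask and created_mode are hypothetical helper names.

# apply_umask DEFAULT UMASK
# Prints DEFAULT AND (NOT UMASK) as a three-digit octal mode.
# The leading 0 makes the shell read both arguments as octal, so
# 022 and 0022 are treated as the same mask.
apply_umask() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# created_mode UMASK file|dir
# Creates a file or directory in a private temp directory with the
# given umask and prints the mode the kernel really assigned.
# The body runs in a subshell so the caller's umask is untouched.
created_mode() (
    d=$(mktemp -d) || exit 1
    umask "$1"
    if [ "$2" = dir ]; then
        mkdir "$d/x"      # mkdir requests 777
    else
        : > "$d/x"        # shell redirection requests 666
    fi
    stat -c '%a' "$d/x"   # assumption: GNU stat
    rm -rf "$d"
)

# Compare computed and observed modes for the masks asked about in
# the thread, plus the 037 example and a restrictive 077.
for m in 022 0022 002 0002 037 077; do
    printf 'umask %-4s  file: computed %s actual %s   dir: computed %s actual %s\n' \
        "$m" \
        "$(apply_umask 666 "$m")" "$(created_mode "$m" file)" \
        "$(apply_umask 777 "$m")" "$(created_mode "$m" dir)"
done
```

With umask 002 the group write bit survives (664 for files, 775 for directories), while 022 clears it (644 and 755); neither leaves write permission for others.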




