I have been messing around with file permissions on my SuSE box and found that the umask needs to be changed in order for files that are created in a directory to have group writable permission on them, otherwise they are set to not writable for the group. However, in my search to find an explanation of how umask works with all the different ways you can set it (022, 002, 0022, 0002, and more I'm sure) I haven't found anything that really explains what it does. Therefore, I'm a little bit lost on what to do.
Can anyone point me to a good resource for umask?
When you set the umask can you set it for a certain directory and its subdirectories or is it system wide?
Are there any security risks for setting the umask to 002? (Whatever that actually does :-] )
Thanks for any help!
jay
Jay Paulson wrote:
I have been messing around with file permissions on my SuSE box and found that the umask needs to be changed in order for files that are created in a directory to have group writable permission on them, otherwise they are set to not writable for the group. However, in my search to find an explanation of how umask works with all the different ways you can set it (022, 002, 0022, 0002, and more I'm sure) I haven't found anything that really explains what it does. Therefore, I'm a little bit lost on what to do.
Can anyone point me to a good resource for umask?
When you set the umask can you set it for a certain directory and its subdirectories or is it system wide?
Are there any security risks for setting the umask to 002? (Whatever that actually does :-] )
Thanks for any help! jay
Many Linux & Unix books describe umask. However, you expand the octal numbers into binary, and wherever you've got a "1", you're removing a permission. So, a umask of 027 or 000 010 111, the owner has full rights, as allowed by the file permissions, the group has all but write and others have no permissions. Normally, the umask is determined at login, by a umask value in one of the login scripts, however, by setting the sticky bit, you can cause a directory's permissions to be inherited by its contents.
Regular file permissions with chmod I understand. :) It's the umask that is giving me fits. I have one system with a umask set to 0022, one set to 0002, and one set to 022. Why are they all set this way? Beats me I didn't set up the systems I'm just trying to fix the problems of whoever set them up. ;)
Which is a better practice/more secure/common place? Setting the system umask to 002 or setting it per profile in the .bashrc? If it's the latter how would I set it in the .bashrc file (syntax wise)?
thanks!
jay
Jay Paulson wrote:
Regular file permissions with chmod I understand. :) It's the umask that is giving me fits. I have one system with a umask set to 0022, one set to 0002, and one set to 022. Why are they all set this way? Beats me I didn't set up the systems I'm just trying to fix the problems of whoever set them up. ;)
Which is a better practice/more secure/common place? Setting the system umask to 002 or setting it per profile in the .bashrc? If it's the latter how would I set it in the .bashrc file (syntax wise)?
Umask can be set in any of the login scripts, though it's controlled by the last one to run. If you want it to be system wide, you'd use one of the scripts in /etc. If only for an individual user, in ~/.bashrc or other script in a user's home directory. I can't say why the systems differ, other than someone's personal choices. For example the umask in Red Hat is different from SuSE. You'd use the umask command to set it. Remember though that umask subtracts rights, so if a bit is set, the corresponding file permission is cancelled.
On Tuesday 23 August 2005 12:36 pm, Jay Paulson wrote:
Regular file permissions with chmod I understand. :) It's the umask that is giving me fits. I have one system with a umask set to 0022, one set to 0002, and one set to 022. Why are they all set this way? Beats me I didn't set up the systems I'm just trying to fix the problems of whoever set them up. ;)
Which is a better practice/more secure/common place? Setting the system umask to 002 or setting it per profile in the .bashrc? If it's the latter how would I set it in the .bashrc file (syntax wise)?
By default, the umask should be set to 022. You can set it any way you want in your .bashrc. Note that it is a shell builtin. 022 causes default permissions of 0644 (or 0755 for executables if you compile and link). It is one of those old Unixisms. What it is is a mask. The default system permission is 0666. When anded with the complement umask you get the desired permission: 0666 & ~0022 == 0644 (Note that the execute bit is not set by default).
--
Jerry Feldman
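The rule stated above (0666 & ~0022 == 0644) can be checked against what the system actually does. This is an added example, not part of the original thread; it uses the umask values mentioned in the messages, the function names are illustrative, and GNU `stat` on Linux is assumed.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes Linux with GNU stat.

# Predicted result of the rule quoted above: requested & ~umask, in octal.
# $1 = requested mode (666 for files, 777 for directories), $2 = umask
predict_mode() {
    printf '%o\n' $(( 0$1 & ~0$2 ))
}

# Observed result: create a file or directory under the given umask and
# read back its mode. Runs in a subshell so the caller's umask is untouched.
# $1 = umask, $2 = "file" or "dir"
observe_mode() {
    (
        tmp=$(mktemp -d) || exit 1
        umask "$1"
        if [ "$2" = dir ]; then
            mkdir "$tmp/x"          # mkdir requests 0777
        else
            : > "$tmp/x"            # shell redirection requests 0666
        fi
        mode=$(stat -c %a "$tmp/x")
        rm -rf "$tmp"
        printf '%s\n' "$mode"
    )
}

# The values mentioned in the thread; 022 and 0022 are the same mask.
for m in 022 0022 002 027; do
    printf 'umask %-4s  file %s (predicted %s)  dir %s (predicted %s)\n' \
        "$m" "$(observe_mode "$m" file)" "$(predict_mode 666 "$m")" \
        "$(observe_mode "$m" dir)" "$(predict_mode 777 "$m")"
done
```

With 002 the group keeps write permission on new files and directories; with 027 the group loses write and others lose everything.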
Jay,
On Tuesday 23 August 2005 09:08, Jay Paulson wrote:
I have been messing around with file permissions on my SuSE box and found that the umask needs to be changed in order for files that are created in a directory to have group writable permission on them, otherwise they are set to not writable for the group. However, in my search to find an explanation of how umask works with all the different ways you can set it (022, 002, 0022, 0002, and more I'm sure) I haven't found anything that really explains what it does. Therefore, I'm a little bit lost on what to do.
Can anyone point me to a good resource for umask?
I've answered that in detail in this forum before: http://lists.suse.com/archive/suse-linux-e/2005-Mar/0360.html
When you set the umask can you set it for a certain directory and its subdirectories or is it system wide?
Neither. It is associated with a process and unless changed is inherited by subprocesses in a manner similar to the way the environment variables are inherited.
Are there any security risks for setting the umask to 002? (Whatever that actually does :-] )
Of course. They all depend on the nature of the use to which the system is being put. There is no inherent risk, despite the over-simplified rules you'll often hear in this sort of forum.
Thanks for any help! jay
Randall Schulz
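The point above, that the umask belongs to a process and is inherited by its subprocesses rather than belonging to a directory or to the whole system, shown as an added example that is not part of the original message. The function names are illustrative; `proc_umask` assumes a Linux kernel that exposes an `Umask:` field in `/proc/PID/status` (4.7 or later), and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example (not from the thread).

# umask seen by a child process started from a shell whose umask is $1:
# the child inherits it, like an environment variable.
child_umask() {
    ( umask "$1"; sh -c 'umask' )
}

# umask of the parent after a child set its own umask to $2:
# the change stays in the child.
parent_after_child() {
    ( umask "$1"; sh -c "umask $2"; umask )
}

# Mode of a file created in directory $2 by a process with umask $1.
# The directory plays no part in the mask. Assumes GNU stat.
file_mode_in() {
    ( umask "$1"; : > "$2/probe"; stat -c %a "$2/probe"; rm -f "$2/probe" )
}

# umask of a running process by PID, from /proc (Linux 4.7 or later).
# Useful for checking what a long-running daemon actually runs with.
proc_umask() {
    awk '/^Umask:/ { print $2 }' "/proc/$1/status"
}

a=$(mktemp -d); b=$(mktemp -d)
echo "child of a 027 shell:        $(child_umask 027)"
echo "parent after child set 077:  $(parent_after_child 022 077)"
echo "umask 002 in dir a / dir b:  $(file_mode_in 002 "$a") / $(file_mode_in 002 "$b")"
echo "this shell, via /proc:       $(proc_umask $$ 2>/dev/null || echo n/a)"
rm -rf "$a" "$b"
```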
participants (4)
- James Knott
- Jay Paulson
- Jerry Feldman
- Randall R Schulz