Hylton,

On Thursday 28 April 2005 08:04, Hylton Conacher (ZR1HPC) wrote:
Randall R Schulz wrote:
Erik, ........(snippee)
I've done this before on this list, but here goes...
Every time a program creates a file, it specifies a set of permission bits. If the program is a plain file, the program will usually (_usually_, not always) specify 0666 (read+write for owner, group and others). If the program is creating a directory or an executable file, it will usually use 0777 (read+write+execute for owner, group and others).
Thank you Erik and Randall. Although I knew that the umask was related to file security, I did not know how it was applied. So when the file is created the umask decreases the privileges and then only the owner, in SuSE, can change the permissions, but the umask will not affect the new permissions, i.e. a file is created (0666), umask(022) intervenes and makes it (0644). If the user now changes the permissions to 0666 the umask does not reset the permissions.
Correct. On _all_ Unix and Linux systems, only the owner of a file (and root) may change its mode. Having permission to write the file, e.g. (or any other permission controlled by the file modes) does not (cannot) grant non-owners the ability to change the file's mode. If you think about it for a moment, were it otherwise, you could not simultaneously allow someone to write the file without losing all control over access to it. There are other very different permissions schemes based on the notion of "capabilities," and such systems often define the ability to alter an object's permissions as an independently grantable privilege. Some also make the ability to grant a capability as an explicitly controlled capability. Capabilities are powerful and flexible as well as often confusing and subject to unintended consequences.
[snip]
I hope it helped Erik as it certainly did help me.
I'm glad for that.

Randall Schulz
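
The behaviour discussed in this thread, as an added example that is not part of the original messages: files and directories are created with the requested mode minus the umask bits, and a later explicit `chmod 666` is not filtered by the umask. The function names `mode_of` and `umask_demo` are made up for this sketch, and it assumes GNU coreutils `stat -c %a` as found on SuSE and other Linux systems.

```shell
#!/bin/sh
# Added illustration; assumes GNU coreutils stat (stat -c %a).

# Print the octal permission bits of a path.
mode_of() {
    stat -c %a "$1"
}

# Create a plain file and a directory under the given umask, then chmod the
# file to 666. Prints: "<file mode> <dir mode> <file mode after chmod>".
umask_demo() {
    mask=$1
    work=$(mktemp -d) || return 1
    (
        # Subshell: the umask change does not leak into the caller.
        umask "$mask"
        touch "$work/file"    # touch requests 0666 for a new plain file
        mkdir "$work/dir"     # mkdir requests 0777 for a new directory
        created_file=$(mode_of "$work/file")
        created_dir=$(mode_of "$work/dir")
        # The umask applies only at creation; an explicit numeric chmod
        # by the owner sets exactly the bits given.
        chmod 666 "$work/file"
        echo "$created_file $created_dir $(mode_of "$work/file")"
    )
    rm -rf "$work"
}

echo "umask 022: $(umask_demo 022)"   # common default
echo "umask 027: $(umask_demo 027)"   # no access for others
echo "umask 077: $(umask_demo 077)"   # owner-only, for sensitive data
```

A restrictive umask such as 077 therefore only protects files at the moment they are created; auditing for world-writable files still has to look at the modes actually on disk.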