Jay Paulson wrote:
I have been messing around with file permissions on my SuSE box and found that the umask needs to be changed in order for files that are created in a directory to have group writable permission on them, otherwise they are set to not writable for the group. However, in my search to find an explanation of how umask works with all the different ways you can set it (022, 002, 0022, 0002, and more I'm sure) I haven't found anything that really explains what it does. Therefore, I'm a little bit lost on what to do.
Can anyone point me to a good resource for umask?
When you set the umask, can you set it for a certain directory and its subdirectories, or is it system wide?
Are there any security risks for setting the umask to 002? (Whatever that actually does :-] )
Thanks for any help! jay
Many Linux & Unix books describe umask. However, you expand the octal numbers into binary, and wherever you've got a "1", you're removing a permission. So, with a umask of 027, or 000 010 111, the owner has full rights, as allowed by the file permissions, the group has all but write and others have no permissions. Normally, the umask is determined at login, by a umask value in one of the login scripts; however, by setting the sticky bit, you can cause a directory's permissions to be inherited by its contents.
Regular file permissions with chmod I understand. :) It's the umask that is giving me fits. I have one system with a umask set to 0022, one set to 0002, and one set to 022. Why are they all set this way? Beats me. I didn't set up the systems; I'm just trying to fix the problems of whoever set them up. ;)
Which is a better practice/more secure/commonplace? Setting the system umask to 002 or setting it per profile in the .bashrc? If it's the latter, how would I set it in the .bashrc file (syntax wise)?
Umask can be set in any of the login scripts, though it's controlled by the last one to run. If you want it to be system wide, you'd use one of the scripts in /etc. If only for an individual user, in ~/.bashrc or another script in a user's home directory. I can't say why the systems differ, other than someone's personal choices. For example, the umask in Red Hat is different from SuSE. You'd use the umask command to set it. Remember though that umask subtracts rights, so if a bit is set, the corresponding file permission is cancelled.
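
To make the masking discussed in this thread concrete, here is an added example (not part of the original thread) that predicts the resulting mode as "requested bits AND NOT umask bits" and then checks it by creating a file and a directory under each umask value mentioned above. The function names are illustrative, and `stat -c` assumes GNU coreutils as found on SuSE and Red Hat.

```shell
#!/bin/sh
# Added example (constructed): how a umask clears permission bits.

# Predicted mode: requested bits with every umask bit cleared.
# This is a bit mask, not arithmetic subtraction.
predict_mode() {   # usage: predict_mode <requested-octal> <umask-octal>
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# Observed mode: create a file or directory under the given umask and read
# the mode back. Runs in a subshell, so the caller's umask is left untouched.
observe_mode() {   # usage: observe_mode <file|dir> <umask-octal>
    (
        tmp=$(mktemp -d) || exit 1
        umask "$2"
        if [ "$1" = dir ]; then
            mkdir "$tmp/t"         # mkdir requests 0777
        else
            : > "$tmp/t"           # shell redirection requests 0666
        fi
        mode=$(stat -c '%a' "$tmp/t")   # BSD/macOS: stat -f '%Lp'
        rm -rf "$tmp"
        printf '%s\n' "$mode"
    )
}

# Compare prediction and observation for the values from the thread.
# 022 and 0022 (likewise 002 and 0002) are the same mask: the extra
# leading digit covers the setuid/setgid/sticky position and is zero here.
umask_table() {
    for m in 022 0022 002 0002 027; do
        printf 'umask %-4s file %s (predicted %s)  dir %s (predicted %s)\n' \
            "$m" \
            "$(observe_mode file "$m")" "$(predict_mode 666 "$m")" \
            "$(observe_mode dir "$m")"  "$(predict_mode 777 "$m")"
    done
}

umask_table
```

For a per-user setting, the same `umask 002` (or `umask 027`) line goes in `~/.bashrc`; new files never gain execute bits from the umask because they are requested as 0666 to begin with.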