[CLUE-Tech] Directory permissions -- problems with '-w--w--w-'
David Jackson
david.j.jackson at pickledbeans.com
Wed May 22 12:21:32 MDT 2002
Remember umask works in reverse:
rwx-rwx-rwx = 777
umask 022
------------------
file perms = 755
777
-027
-----
750
What a lot of systems,to is create a group for each user by
default so my user and group would be davej.
But cann't hide from root, that I know of.
As the thread I pointed you to explains, the same perms,
a directory mean something different on a file...but
then again that Unix for you.
david
> Okay, thanks I found this in /etc/profile:
>
> umask 022
>
> Then changed it to:
>
> umask 027
>
> What I'm looking for is the privacy of each user from all other users
> except root.
>
> What would be the appropriate "umask" to achieve that without adversly
> affecting the operation of the system?
>
> I found the following explanation:
>
> http://www.tldp.org/HOWTO/Security-HOWTO-5.html
>
>
> 5.1 Umask Settings
>
> The umask command can be used to determine the default file creation
> mode on your system. It is the octal complement of the desired file
> mode. If files are created without any regard to their permissions
> settings, the user could inadvertently give read or write permission to
> someone that should not have this permission. Typical umask settings
> include 022, 027, and 077 (which is the most restrictive). Normally the
> umask is set in /etc/profile, so it applies to all users on the
> system. The file creation mask can be calculated by subtracting the
> desired value from 777. In other words, a umask of 777 would cause
> newly-created files to contain no read, write or execute permission
> for anyone. A mask of 666 would cause newly-created files to have a
> mask of 111. For example, you may have a line that looks like this:
>
> # Set the user's default umask
> umask 033
>
> Be sure to make root's umask 077, which will disable read, write, and
> execute permission for other users, unless explicitly changed using
> chmod. In this case, newly-created directories would have 744
> permissions, obtained by subtracting 033 from 777. Newly-created files
> using the 033 umask would have permissions of 644.
>
> If you are using Red Hat, and adhere to their user and group ID
> creation scheme (User Private Groups), it is only necessary to use 002
> for a umask. This is due to the fact that the default configuration is
> one user per group.
>
>
>
>
> David Jackson wrote:
>
>>Joe --
>>The default file permission are set by umask usally in /etc/profile?
>>How log does it take for perm to be changed? If it regular interval
>>then theres a cron running, if it's after reboot there may be something
>>in on of the rc scripts.
>>
>>David
>>
>>
>>>The problem I'm having is Mandrake 8.2 is changing the permissions on
>>>my "/home/user" folder without me giving permission. I set it to 770
>>>and then shortly thereafter, the system changes it to 755. This is
>>>not what I want, and I don't seem to be able to fix it.
>>>
>>
>>
>>
>>
>>_______________________________________________
>>CLUE-Tech mailing list
>>CLUE-Tech at clue.denver.co.us
>>http://clue.denver.co.us/mailman/listinfo/clue-tech
--
More information about the clue-tech
mailing list