Monday, July 21, 2008

How To Make Use of UMask

File permissions are a basic file security control. A file owned by another user but created with improper permissions can give any system user free access to it. With an improper default umask value, this could even lead to superuser access to the whole operating system where the shadow and password files are concerned.

Introducing Umask

Umask (user file-creation mode mask) is a setting that controls the default permissions of newly created files and directories on the operating system. It can be configured automatically with a system-wide default value or on a per-user basis.

Umask Usage

The umask works from a different base value for files and for directories. To determine a specific umask value, use simple arithmetic on the common base value, which is 666 for files and 777 for directories.

Say you want all new files to be created with file permissions of 660: set your umask to 006. That is, 666 minus the desired file permission of 660 equals 006.

Alternatively, a reasonable default file permission of 644 needs a umask value of 022. This causes files to be created with default permissions of 644, that is, the (rw-r--r--) permission set.

For directory permissions, subtract from the common base value of 777. Say, a desired directory permission of 770 (rwxrwx---) would need a umask value of 007.

For a paranoid secure value, a default umask value of 066 would create new files with 600 (rw-------) and directories with permissions of 700 (rwx------).
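The arithmetic above can be checked against what the system really creates. The script below is an added example, not part of the original post: it computes the mode as base AND NOT umask (the mask clears bits, which is what the subtraction approximates) and compares it with a file and directory created under each mask. The function names and the extra 077 row are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the original post): how a umask turns into real modes.
# The mask clears bits from the creation mode: result = base & ~umask,
# with base 666 for regular files and 777 for directories.

# effective_mode BASE UMASK -> prints the resulting octal mode, e.g. 644
effective_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# octal_mode PATH -> mode bits of PATH (GNU stat first, BSD stat as fallback)
octal_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# observed_modes UMASK -> "<file mode> <dir mode>" of objects really created
# under that umask; runs in a subshell so the caller's umask is untouched.
observed_modes() (
    tmp=$(mktemp -d) || exit 1
    umask "$1"
    : > "$tmp/file"
    mkdir "$tmp/dir"
    echo "$(octal_mode "$tmp/file") $(octal_mode "$tmp/dir")"
    rm -rf "$tmp"
)

# umask_report: one line per umask value, computed next to observed.
# 006, 007, 022 and 066 are the values used in the text; 077 is added here.
umask_report() {
    printf '%-6s %-14s %-14s\n' umask 'computed f/d' 'observed f/d'
    for mask in 006 007 022 066 077; do
        printf '%-6s %-14s %-14s\n' "$mask" \
            "$(effective_mode 666 "$mask")/$(effective_mode 777 "$mask")" \
            "$(observed_modes "$mask" | tr ' ' '/')"
    done
}

umask_report
```

The 066 row comes out as 600 for files and 711 for directories, because 066 leaves the execute bit for group and others. The 077 row is the mask that gives 600 for files and 700 for directories.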

Determine System Umask Value

Issue umask without any parameters:

# umask

System-wide Umask Setting
The default umask value for system wide configuration can be viewed inside your /etc/bashrc file.

Per-User Umask Value Setting

To set a per-user umask, simply back up and modify the user's .bashrc file, located in the user's default home directory. Make sure that the user's umask value is appended as the last line of that .bashrc file.

Save and exit. Changes take effect on new login shells and on files and directories created from them.
