Default permissions

Michael Cohen michael.cohen at netspeed.com.au
Fri Sep 8 06:09:21 CST 2006


Nic,
  Note that umask is masked with the default open(2) system call which is
  called by the process which is trying to create the files in the first place.
  Ideally the original process should set as permissive permissions as
  possible, and then umask can be used to tune the permission downwards (i.e.
  make them more restrictive).

  I have come up against this problem before - the process that creates the
  files needs to specify a permission mask in the open() system call. It's very
  unlikely to give data files an execute permission - so umask will not be able
  to enable it.

  You have 3 options:

  - rethink why you need execute permissions on a data file (this could be a
  security risk).

  - recompile the application that generates the files with the required flags
  (see man 2 open).

  - Write a little cron job to fix the permissions periodically.


  Michael.

  
On Fri, Sep 08, 2006 at 03:39:29PM +0930, Nicholas Thiele wrote:
> 
> Can 'umask' grant extra permissions?  When we 'touch' a file in a
> specific directory it doesn't get execute permissions.  We want to
> ensure that every file created in a specific directory gets execute
> permissions.  Is there something we are missing?
> 
> Nic T.
> 
> -----Original Message-----
> From: Adam Hawes [mailto:adamh at adpro.com.au] 
> Sent: Friday, 8 September 2006 3:16 PM
> To: Nicholas Thiele; linuxsa at linuxsa.org.au
> Subject: RE: Default permissions
> 
> *grr* didn't finish the last reply before the fat fingers hit enter.
> 
> <quote bash>
> umask [-p] [-S] [mode]
> The user file-creation mask is set to mode.  If mode begins with a
> digit, it is interpreted as an octal number; otherwise  it is
> interpreted as a symbolic mode mask similar to that accepted by
> chmod(1).  If mode is omitted, the current value of the mask is printed.
> The -S option causes the mask to be printed in symbolic form; the
> default output is  an octal number.  If the -p option is supplied, and
> mode is omitted, the output is in a form that may be reused as input.
> 
> The return status is 0 if the mode was successfully changed or if no
> mode argument was supplied, and false  otherwise.
> </quote>
> 
> Umask will do what you want :) (man 2 umask)
> 
> A
> 
> -- 
> LinuxSA WWW: http://www.linuxsa.org.au/ IRC: #linuxsa on irc.freenode.net
> To unsubscribe or change your options:
>   http://www.netcraft.com.au/mailman/listinfo/linuxsa
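
The behaviour Michael describes above, as an added example that is not part of the original thread: the permissions of a new file are the mode passed to open(2) with the umask bits cleared, so a umask of 000 still cannot turn on an execute bit the creating process never asked for. The helper name `mode_after_create` and the `/tmp/umask-demo-*` path are assumptions made for this illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: create a new file with open(2), passing `requested`
 * as the mode argument while the process umask is `mask`. Returns the
 * permission bits the file actually received, or -1 on error. */
static int mode_after_create(mode_t requested, mode_t mask)
{
    static int counter = 0;
    char path[64];
    struct stat st;
    int result = -1;

    /* Constructed scratch path; O_EXCL below refuses any pre-existing file. */
    snprintf(path, sizeof path, "/tmp/umask-demo-%ld-%d",
             (long)getpid(), counter++);

    mode_t old = umask(mask);               /* set the mask under test */
    int fd = open(path, O_CREAT | O_EXCL | O_WRONLY, requested);
    umask(old);                             /* restore the caller's mask */

    if (fd < 0)
        return -1;
    if (fstat(fd, &st) == 0)
        result = (int)(st.st_mode & 0777);  /* effective: requested & ~mask */
    close(fd);
    unlink(path);
    return result;
}

int main(void)
{
    /* touch(1)-style creation asks for 0666: no umask can add execute. */
    printf("open 0666, umask 022 -> %04o\n", mode_after_create(0666, 022));
    printf("open 0666, umask 000 -> %04o\n", mode_after_create(0666, 000));
    /* Only when the creator asks for 0777 can execute survive the mask. */
    printf("open 0777, umask 022 -> %04o\n", mode_after_create(0777, 022));
    printf("open 0777, umask 077 -> %04o\n", mode_after_create(0777, 077));
    return 0;
}
```

The second case is the one in Nic's question: with the mask fully open, a file requested as 0666 comes out as 0666, never 0777.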

