The umask is a value that determines the default permission settings assigned when new files and directories are created.Each UNIX system has a default umask value; each user can change his or her own umask value (and usually does so at login time in a .cshrc, .login, or .profile file); each process can also examine or alter its umask value with the umask command.
umask is an inherited feature. If a process sets a particular umask, its children will inherit the same umask value.Here's how umask works. Numerically, it specifies which permissions are not granted by default when a file or directory is created. For example, a user's umask is set to 027. The umask 027 is broken down into 0, 2, and 7. The 0 means that the user will have all permissions; the 2 means that group will not have write (2) permissions; the 7 means that other will not have execute (1), write (2), or read (4) permissions.
Another way to think about umask is to subtract each of its digits from 7; the resulting digits are the permission set up for a file or directory that is created while that umask is in effect.
In addition to being set numerically, a umask can also be set symbolically, with options similar to chmod's symbolic syntax. For example
umask u+rwx,g+rx,o-a ...is the same as: umask 027
umask u+rw,g+r,o+r ...is the same as: umask 133
umask u+rw,g+r,o+r ...is the same as: umask 133
Configuring in UNIX:
The Korn shell has a nice feature with its built-in umask command. The -S option is used to symbolically—rather than numerically—display the user's umask. For example
% sh
% umask
0027
% ksh
% umask
0027
% umask -S
u=rwx,g=rx,o=
%
% sh
% umask
0027
% ksh
% umask
0027
% umask -S
u=rwx,g=rx,o=
%
Default File Permissions and umask
Permissions for files that are created with commands such as vi, cp, or touch or with shell redirection are determined by applying the process's umask value to the initial value 666. This is illustrated in the following example.
% umask
0027
% touch test
% ls -ld test
-rw-r----- 1 pete staff 0 Oct 1 07:17 test
%
In this example, the file's permissions can be calculated as 666 (initial value) less 027 (umask) equals 640 (the file's permissions).
0027
% touch test
% ls -ld test
-rw-r----- 1 pete staff 0 Oct 1 07:17 test
%
In this example, the file's permissions can be calculated as 666 (initial value) less 027 (umask) equals 640 (the file's permissions).
Root User umask
I recommend that root's umask be set to 077 or 027. This will result in any file created by root being not readable or writable by others.
Default Directory Permissions and umask
Permissions for directories created with commands such as mkdir are determined by applying the process's umask value to the initial value 777. The following example illustrates this.
% umask
0027
% mkdir test
% ls -la test
-rwxr-x--- 2 test staff 0 Sep 1 17:10 test
%
In this example, the directory's permissions are calculated as 777 (initial value) less 027 (umask), giving 750 (the directory's permissions).
% umask
0027
% mkdir test
% ls -la test
-rwxr-x--- 2 test staff 0 Sep 1 17:10 test
%
In this example, the directory's permissions are calculated as 777 (initial value) less 027 (umask), giving 750 (the directory's permissions).
No comments:
Post a Comment