LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - General (https://www.linuxquestions.org/questions/linux-general-1/)
-   -   Clarify umask feature (https://www.linuxquestions.org/questions/linux-general-1/clarify-umask-feature-4175471158/)

BeingGokul 07-27-2013 05:36 PM
Clarify umask feature
 
If I am not wrong, this is how umask is calculated.

for dir, 777 - 022(root's umask value) = 755.
for file, 666 - 022(root's umask value) = 644.
Now, where this umask value is defined? Is it the /etc/bashrc file?.

If so, then what is the file /etc/login.defs for? My /etc/login.defs file says 077 as umask - what does this mean?

Also where is cmask defined?

The umask can be changed using umask command, but that is temporary. Right? If I have to make it permanent, I can edit .bashrc file in my home dir and append "umask value" to it.

Also, say I am root and I want to set a specific umask for all other users, how to do that?

Thanks for your time and assistance in advance.

jv2112 07-27-2013 05:47 PM
Clarify umask feature
 
The bashrc in your home directory overrides the system wide settings in /etc.

So to control users you can set in there home bashrc.

fakie_flip 07-27-2013 08:10 PM
Quote:
Originally Posted by BeingGokul (Post 4998099)
If I am not wrong, this is how umask is calculated.

for dir, 777 - 022(root's umask value) = 755.
for file, 666 - 022(root's umask value) = 644.
Now, where this umask value is defined? Is it the /etc/bashrc file?.
Yes, that is correct. By default, files will not have the executable permission. Defining umask is done in /etc/fstab. If you don't have a umask entry there, I'm guessing a default value is used.

Quote:
If so, then what is the file /etc/login.defs for? My /etc/login.defs file says 077 as umask - what does this mean?
Read the comments above the umask entry in that file.

Code:
#
# Login configuration initializations:
#
#    ERASECHAR    Terminal ERASE character ('\010' = backspace).
#    KILLCHAR    Terminal KILL character ('\025' = CTRL/U).
#    UMASK        Default "umask" value.
#
# The ERASECHAR and KILLCHAR are used only on System V machines.
#
# UMASK is the default umask value for pam_umask and is used by
# useradd and newusers to set the mode of the new home directories.
# 022 is the "historical" value in Debian for UMASK
# 027, or even 077, could be considered better for privacy
# There is no One True Answer here : each sysadmin must make up his/her
# mind.
#
# If USERGROUPS_ENAB is set to "yes", that will modify this UMASK default value
# for private user groups, i. e. the uid is the same as gid, and username is
# the same as the primary group name: for these, the user permissions will be
# used as group permissions, e. g. 022 will become 002.
#
# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
#
ERASECHAR    0177
KILLCHAR    025
UMASK        022
Quote:
Also where is cmask defined?
I'm unsure. Have you googled it?

Quote:
The umask can be changed using umask command, but that is temporary. Right? If I have to make it permanent, I can edit .bashrc file in my home dir and append "umask value" to it.
Using the umask command is temporary and only applies to that terminal session. I decided once that I wanted all my files to have o-rwx,g-rwx, and put umask 077 in my .bashrc., not a good idea I later found out if you use sudo as it also affects those files. I found a better solution.

Code:
bullshark@beastlinux ~ $ crontab -l | tail -2
# m h  dom mon dow  command
0 * * * * chmod -R g-rwx,o-rwx /home/bullshark
bullshark@beastlinux ~ $

Quote:
Also, say I am root and I want to set a specific umask for all other users, how to do that?

Thanks for your time and assistance in advance.
Edit the /etc/fstab to have a umask value for each file system. That doesn't prevent a user from changing permissions or using the umask command.

astrogeek 07-27-2013 08:42 PM
Quote:
Originally Posted by jv2112 (Post 4998104)
The bashrc in your home directory overrides the system wide settings in /etc.

So to control users you can set in there home bashrc.
But the user can then just change it back - so if he wants to enforce it for all users that is not a solution.

BeingGokul 07-28-2013 11:40 AM
Quote:
Originally Posted by jv2112 (Post 4998104)
The bashrc in your home directory overrides the system wide settings in /etc.

So to control users you can set in there home bashrc.
Every user has write permission to their bashrc, so how would that help? I mean, if root sets it in the .bashrc of the user, then the user can override it.

BeingGokul 07-28-2013 11:41 AM
Quote:
Originally Posted by astrogeek (Post 4998145)
But the user can then just change it back - so if he wants to enforce it for all users that is not a solution.
Yes, exactly. So, any solutions that you are aware of?

BeingGokul 07-28-2013 11:46 AM
Quote:
Originally Posted by fakie_flip (Post 4998138)
Yes, that is correct. By default, files will not have the executable permission. Defining umask is done in /etc/fstab. If you don't have a umask entry there, I'm guessing a default value is used.



Read the comments above the umask entry in that file.

Code:
#
# Login configuration initializations:
#
#    ERASECHAR    Terminal ERASE character ('\010' = backspace).
#    KILLCHAR    Terminal KILL character ('\025' = CTRL/U).
#    UMASK        Default "umask" value.
#
# The ERASECHAR and KILLCHAR are used only on System V machines.
#
# UMASK is the default umask value for pam_umask and is used by
# useradd and newusers to set the mode of the new home directories.
# 022 is the "historical" value in Debian for UMASK
# 027, or even 077, could be considered better for privacy
# There is no One True Answer here : each sysadmin must make up his/her
# mind.
#
# If USERGROUPS_ENAB is set to "yes", that will modify this UMASK default value
# for private user groups, i. e. the uid is the same as gid, and username is
# the same as the primary group name: for these, the user permissions will be
# used as group permissions, e. g. 022 will become 002.
#
# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
#
ERASECHAR    0177
KILLCHAR    025
UMASK        022


I'm unsure. Have you googled it?



Using the umask command is temporary and only applies to that terminal session. I decided once that I wanted all my files to have o-rwx,g-rwx, and put umask 077 in my .bashrc., not a good idea I later found out if you use sudo as it also affects those files. I found a better solution.

Code:
bullshark@beastlinux ~ $ crontab -l | tail -2
# m h  dom mon dow  command
0 * * * * chmod -R g-rwx,o-rwx /home/bullshark
bullshark@beastlinux ~ $



Edit the /etc/fstab to have a umask value for each file system. That doesn't prevent a user from changing permissions or using the umask command.
/etc/fstab -- editing it to have umask for each file system --? Is that really possible? When you say filesystem, do you mean the partition? and how would i set it in the fstab file? what's the format?

Also,

Setting it for a partition means, whoever the user maybe, if they create files or dir under that partition, that file/dir will get the pre-defined permissions. Is that's the case?


Coming to login.defs -- my login.defs says umask as 077. But whereas when i create files/directories using any user in my system, it doesn't seem to follow 077, instead it is 022. I checked .bashrc of all users and found no overriding also. What does this 077 implies? why it's not being implemented? what overrides that?

fakie_flip 07-30-2013 03:01 PM
All the examples I looked at only used umask for fat and ntfs partitions in the fstab, so I could be wrong.


All times are GMT -5. The time now is 11:59 AM.