LinuxQuestions.org


stefanlasiewski 08-07-2003 12:05 PM

Proper umask settings for /etc/fstab?
 
Hey all,

Need some help mounting a Windows/fat32 partition properly.

Currently, my /etc/fstab has the following listing:

/dev/hda1 /mnt/windows vfat defaults,user,uid=windows,gid=windows,umask=007 0 0

This gives the following permissions to all files & directories:

drwxrwx--- 6 windows windows 4096 May 11 11:58 /mnt/windows/Documents and Settings
-rwxrwx--- 1 windows windows 186 Dec 27 2002 /mnt/windows/autoexec.bat

I think it's a bad idea for all files to be automatically listed as executable. Files shouldn't be executable unless absolutely necessary.

What I want is for user 'windows' and members of group 'windows' to be able to:
- Read, write & access directories. Unix directories need to be executable if you want access, correct?
- Read, write but not execute normal files

I'm hoping for something like this with a single umask:

drwxrwx--- 6 windows windows 4096 May 11 11:58 /mnt/windows/Documents and Settings
-rw-rw---- 1 windows windows 186 Dec 27 2002 /mnt/windows/autoexec.bat


Is this possible?

Any help is appreciated.

-= Stefan

Mathieu 08-07-2003 01:23 PM

In the options, when you add user it also implies noexec.
noexec will not allow any binaries on the mounted file system to be executed.

Take a look at the mount MAN page for more information concerning the available options.

stefanlasiewski 08-07-2003 01:35 PM

Ah thanks, so the executable bit is ignored with the user or noexec options.

Good to know. I was just being paranoid. :)

-= Stefan

unSpawn 08-07-2003 02:40 PM

> In the options, when you add user it also implies noexec.
> noexec will not allow any binaries on the mounted file system to be executed.

Try "/lib/ld-linux.so.2 </mountdir/partition/bindir/binary>" to see if that statement is true. If not, and you need to disable execs outside people's $PATH properly, head over to grsecurity.net and patch your kernel. The TPE settings are what you're looking for.

Skyline 08-07-2003 06:01 PM

Defaults gives :

rw, suid, dev, exec, auto, nouser, and async

umask=117

will give you

-rw-rw----

stefanlasiewski 08-07-2003 07:48 PM

> umask=117
>
> will give you
>
> -rw-rw----

That is fine for files, but it renders any directory inaccessible, because the executable bit is not set.

ForYouAndI.com 06-05-2009 06:27 PM

This works for me:

defaults,noexec,dmask=007,fmask=117,uid=user,gid=user
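
How the mask options in this thread combine, as an added example that is not part of the original thread: a small Python checker that applies umask, dmask and fmask in option order and tracks whether user or noexec leaves the mount noexec. The function name vfat_modes and the 022 fallback mask are assumptions (without a mask option, vfat uses the umask of the mounting process).

```python
import stat

def vfat_modes(options, default_mask=0o022):
    """Return effective vfat dir/file modes and noexec state for an fstab option string.

    default_mask is an assumption: without any mask option, vfat uses the
    umask of the process that performs the mount.
    """
    dmask = fmask = default_mask
    noexec = False
    for opt in options.split(","):          # options apply left to right
        key, _, val = opt.strip().partition("=")
        if key == "umask":                  # umask sets both masks
            dmask = fmask = int(val, 8)
        elif key == "dmask":                # directories only
            dmask = int(val, 8)
        elif key == "fmask":                # regular files only
            fmask = int(val, 8)
        elif key in ("noexec", "user", "users"):
            noexec = True                   # user/users imply noexec,nosuid,nodev
        elif key in ("exec", "defaults"):
            noexec = False                  # defaults includes exec
    dmode = 0o777 & ~dmask
    fmode = 0o777 & ~fmask
    warnings = []
    # A class that can read a directory but not search it cannot open entries in it.
    for r, x in ((0o400, 0o100), (0o040, 0o010), (0o004, 0o001)):
        if dmode & r and not dmode & x:
            warnings.append("directories lack search (x) bit")
            break
    if fmode & 0o111:
        warnings.append("files carry execute bits")
    return {
        "dir": stat.filemode(stat.S_IFDIR | dmode),
        "file": stat.filemode(stat.S_IFREG | fmode),
        "noexec": noexec,
        "warnings": warnings,
    }

if __name__ == "__main__":
    # Option strings from the thread; the second is constructed around umask=117.
    for line in (
        "defaults,user,uid=windows,gid=windows,umask=007",
        "defaults,umask=117",
        "defaults,noexec,dmask=007,fmask=117,uid=user,gid=user",
    ):
        print(line, "->", vfat_modes(line))
```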


All times are GMT -5.