Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place! |
| Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
 |
GNU/Linux Basic Guide
This 255-page guide will provide you with the keys to understand the philosophy of free software, teach you how to use and handle it, and give you the tools required to move easily in the world of GNU/Linux. Many users and administrators will be taking their first steps with this GNU/Linux Basic guide and it will show you how to approach and solve the problems you encounter.
Click Here to receive this Complete Guide absolutely free. |
|
 |
05-08-2005, 02:42 PM
|
#1
|
|
LQ Newbie
Registered: Mar 2005
Location: Paris, France
Distribution: RHEL 3
Posts: 17
Rep: 
|
Change default file permissions
Hello all,
I'm wondering why, on linux, default file permissions permit to all users on the machine to read-only other user's files (chmod 755).
For security reasons, I'd like for my users that their files can by default NOT be accessed by other users, whenever they are created by bash, php, or ftp daemon (vsftpd).
How can I achieve this ?
Thanks a lot for your answers.
Ben
|
|
|
|
|
05-08-2005, 03:08 PM
|
#2
|
|
Guru
Registered: Feb 2003
Location: Blue Ridge Mountain
Distribution: Debian Squeeze, Fedora 14
Posts: 7,268
Rep: 
|
"I'm wondering why, on linux, default file permissions permit to all users on the machine to read-only other user's files (chmod 755)."
The default file permissions are kept in /etc/permissions and/or /etc/permissions.d. How the default permissions are set up is defined by the distribution. Many distributions allow you to specify a security level during install. You can later change the default file permissions by changing /etc/permissions and/or /etc/permissions.d.
--------------------------
Steve Stites
|
|
|
|
|
05-08-2005, 03:12 PM
|
#3
|
|
Moderator
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 22,915
|
As always, there's several ways of doing this ...
1) edit everyones .bashrc/.bash_profile/.bash_login
(whichever applies) to contain
umask 077 which will grant NO permissions to group
and other.
2) edit /etc/profile to have that umask
Cheers,
Tink
|
|
|
|
|
05-08-2005, 06:40 PM
|
#4
|
|
LQ Newbie
Registered: Mar 2005
Location: Paris, France
Distribution: RHEL 3
Posts: 17
Original Poster
Rep:
|
jailbait, thanks for your answer, but I think these files are suse-specific, since they don't exist on my distrib (redhat).
tinkster, thanks for help, this will help me, but I've got related questions :
- these files affect only shells, right? the modif did not affect proftpd -which as only one umask config, not per-user config-. For php, I don't know how to do. Isn't there a more "global" way to set this ?
- I found that the script giving default umask is /etc/bashrc. Is it safe to modify this file directly, with the umask you specified above? Or is it safer to leave it unchanged and add another umask in another config file, called after ?
Thanks.
Ben
|
|
|
|
|
05-08-2005, 07:06 PM
|
#5
|
|
Moderator
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 22,915
|
Yep, filename vary with distro ... I used the one that
Slack utilises since you didn't put your distro in either
the post or your details ...
As long as you don't make syntactical errors on that line,
and don't screw up other parts of the script it's safe ;}
A very good rule would be to make a back-up copy
of any script you are about to modify before you start
editing it.
Cheers,
Tink
|
|
|
|
| Thread Tools |
Search this Thread |
|
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
All times are GMT -5. The time now is 01:08 AM.
|
|
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
|
 Latest Threads
LQ News
|
|
