umask questions

Rike255 · 08-18-2011, 09:46 AM

I have a user whose requirements are as follows:

Files created by the user are read/write by owner only
Directories created by the user are listable by owner and group

Basically I want to have group members able to list the users directories, but not read the files themselves.

Files: rw-------
Directories: rwxr-x--- ?(Don't know exactly what's required to allow for listing)

From what I can tell there is no way to set a users umask for specific file types. Does anyone know how I could accomplish this?

Thanks,
Ryan

SL00b · 08-18-2011, 10:00 AM

First, a terminology comment. This is not a umask question. Umask is a whole other utility entirely.

As for your question... you're right on target. Execute permissions on a directory is what's required to change to a directory and list its contents. So if we assume the same user:group owns the directory and all the files within it, and a user is not the owning user but is a member of the owning group, then yes, these permission settings will accomplish your goal.

SL00b · 08-18-2011, 10:05 AM

To clarify my previous post... the user requires execute permission to change to the directory, and read permission to perform an ls on it. Therefore, group permissions r-x on the directory are correct.

Rike255 · 08-18-2011, 10:32 AM

Thanks for clarifying that part. The second piece of the puzzle is how I can set a users umask to provide different permissions for directories than for files. As you can see here my requirement is for files and directories to have different permissions for one user:

Files: rw-------
Directories: rwxr-x---

Basically, how would I go about setting a user so that any files or directories they create will have the permissions above? Like I said before I don't think there's a way to set separate umasks for different file types.

Thanks

SL00b · 08-18-2011, 10:51 AM

Oh, so the question is how do you make it so the permissions are correct when a user creates a new file... that is a umask question.

In this case, the umask value would be 0066. Files usually aren't created with the execute bit set, and this unsets r-w for group and public. You can test it yourself:

Code:

umask 0066
touch test.file
la test.file

You should see permissions rw------- for test.file.

Now, the question is whether this umask is appropriate for these users throughout the system, or if it's something they should only have within this specific directory. If the former, you can set the umask through their profiles, problem solved.