Question about modifying file permission which differ from the system-wide umask

Alpha90 · 08-04-2013, 12:22 AM

I have a umask set at 027 for alittle increased security. However for alittle extra security and to clean up the ls color output I was looking into modifying my non executable data directories and files such as a Documents directory to the file permissions of 640. However if i user chmod and do something like chmod 640 ~/Documents followed by a cd or ls of Documents I will get a message saying cd: Documents: Permission denied when I still own the directory and my user and group has read privlage. I am sure this has something to do with umask but I do not know what. Does anyone know why this occures ?

astrogeek · 08-04-2013, 12:31 AM

I got a refresher looking this up... thanks...

Found a note I left for myself:

Quote:

Directory attributes have different meanings than files, related to how the inode is handled.

Read allows access to directory contents.
Write allows file creation in a directory.
Execute allows traversal (i.e., search, see below) of the directory.

And from chmod man page:

Quote:

The letters rwxXst select file mode bits for the affected users: read (r), write (w), execute (or search for directories) (x), execute/search only if the file is a directory or already has execute permission for some user (X)

When you think about it, you cannot "read", "write" or "execute" a directory - so the attribute bits are put to better use.