-   Linux - Security (
-   -   Umask and Linux Default Permissions (

Sandoomaphone 08-22-2004 12:11 AM

Umask and Linux Default Permissions
Hey Everybody - I am new to these forums and need a bit of help!

So here's the problem - just say I have the folder "/Family/Bill". The permissions on this folder are 0707. When I create a new file\folder in this directory, lets say /Family/Bill/Documents then the permissions are not propergated from the parent directory down to that directory - HOW would I make Linux do this. i have tried using umask (umask 707) but that doesn't work.

Also - Bill, for you info, is just a regular user and his directory is 707 permissions, but there is another directory on my system (a public storage directory) that I want 2 use the 777 permissions on - HOW would I make umask or whatever have different sets of default Linux permissions on the SAME HDD?

please regard these questions as one supporting the other, or give answers to them seperatley - they r both in relation to the same comp.



darthtux 08-22-2004 01:17 AM

If you want default directory permissons to be 707 then the umask needs to be 070. The umask is the permission you want subtracted from 777. So 777 - 707 = 070,

To change the umask for everyone put it in /etc/profile. For an individual user put in ~/.bash_profile

To change individual permissions use the chmod command.
chmod 777 directory name
to change the permissions on a directory and all files and directories under it:
chmod -r 777 directory

Sandoomaphone 08-22-2004 05:30 AM

Okay, I did what you said but I still get 644 permissions on new files and 755 permissions on new directories.

What should I do?

darthtux 08-22-2004 05:57 AM

The default umask for new files is taken from 666. So, the default permissions for files is 644. That is ususally all you need. All files except executable programs only need read access for others besides user and group (like text, pictures, etc.) . The majority of programs that install have the executable permission set. If you write your own scripts you have to set it with chmod 755 filename.

Did you put

umask 070
in either /etc/profile (for all users) or the .bash_profile (notice the dot) in your home directory?

After you edit the file log out and back in or source the file.
source ~/.bash_profile
source /etc/profile

Sandoomaphone 08-22-2004 06:13 AM

So here's what I am doing:

1. Login as root (I am using KDE 2)
2. K Menu ->Run Command ->Konsole ->umask 070 ->exit.
3.Crank up Konqueror and create a new file (Text File) in /lost+found (for example).
4. Check permissions and they are as follows......

-rw-r--r-- which is 644

Funny thing is though, when I have just finished creating the file, the umask switches back to 0022. And even when I change it before I create the file (look below)

1. Login as root (I am using KDE 2)
2. K Menu ->Run Command ->Konsole ->umask 070 ->umask (I recieve 0022) ->exit.

I recieve 0022.

:newbie: What is wrong?

darthtux 08-23-2004 01:50 AM

I already explained it clearly to you. You HAVE to put umask in the .bash_profile file in the home directory for your user. Then log out and back in.

If you make the umask 070 files will be created with permissions 606. That's just how it works. And BTW, like I already said, you don't need execute permissions on regular files. Period.

To be perfectly clear:
Open konsole
Type in
kate ~/.bash_profile
put in the line
umask 070
save, exit, completely log out and back in.

Sandoomaphone 08-23-2004 03:45 AM

Thanks for all your help, darthtux! I understand what you are trying to get me to do.

This is my setup.....

I have a small Home Network of 7 PCs with different OSes - Linux, Windows XP, 2000, NT 4.0,DOS 7.10 and Windows for Workgroups 3.11.

On my Debian Linux 2.4 Kernel Box, I have a Samba 2.2 Server setup with multiple users setup on the Linux Box which are registered in the Samba User directory. I have set up the create mask parameter correctly in samba but just say that I put a person on the Linux box, I want the correct permissions to be put onto ANYTHING they create - Anything in their Home directory to have 707 permissions (files and directories) and anything that is put places by installing files and the like are to have normal, everyday default Linux permissions. This is fine but the umask parameter would change the default Linux Permissions for that User on ANY directory - I do not want this because just say that Bill installs a program that I find to be useful, I can't access it because I don't have permission. Yeah, I could just log-in as root, but having to do that EVERY time would be a bit of a hassle so thats the reason that I am persuing this.

Secondly, The root account on the linux box would be a problem if it was going to write something to, say, the Guest's user directory as the 707 permissions would be braught (sp?) across to the Guest's user directory for that file\folder and as the Guest's user directory is meant to be able (on MY network) to be accessible both locally and remotely by ANY user, than this would mean that I would not be able to access that file(s)\folder(s) when I am logged in as me or ANYbody for that matter, becuase of the 707 permissions.

Get my drift????????......................

Sorry for the long post, and I hope you can give me some advice, please post again if I wasn't clear enough! I do also understand that umask may not be able to do this kind of stuff. If so, can u please create a (better) version so that I can use it to apply default permissions to seperate Directorys and or files that belong to different users -OR- alternatively, you could point me to a Linux program that can do this kinda stuff - I don't mind upgrading to Samba 3.0\Kernel 2.6 as I was going to do this soon anyway IF I HAVE TO.

P.S. Please don't give me suggestions like "Well, you could use different permissions" or anything - This is how I need and want it setup - I will NOT change without a very good reason! I AM OPEN FOR SUGGESTIONS THOUGH!

cfgert 08-23-2004 08:45 AM


I now work with extended acl support for my samba shares (and some other directories). This solves those problems perfectly. The only problem is the bad support from various Linux/Unix tools. (search for setfacl/getfacl)


Sandoomaphone 08-23-2004 04:29 PM

Thanks for the quick reply!

I looked into the setfacl\getfacl package and it seems that it is not readily avalible for Debian Linux. Therefore, would it be included by default in the Linux Kernel 2.6? If so, I'll upgrade!

If I can do anything to get it, tell me as well!



cfgert 08-23-2004 04:48 PM

Perhaps this helps (depending on the filesystem you use):

Sounds like patching and recompiling the kernel .


All times are GMT -5. The time now is 04:16 AM.