Monday, January 26, 2009

umask

Permission Defaults: umask

umask (abbreviated from user mask) is a command and a function in POSIX environments which sets the default permission modes for newly created files and directories of the current process. When a shell or other program is creating a file or directory, it specifies the permissions to be granted. The operating system then removes from those the permissions that the umask does not allow.

The umask only restricts permissions; it cannot grant extra permissions beyond what is specified by the program that creates the file or directory. When programs create files, they usually specify read and write permissions for all users, and no execute permissions at all (rw-rw-rw- or octal 666 in traditional Unix notation). Files created in this way will not be executable even if the umask would have allowed that.

On the other hand, when programs create directories, they usually specify read, write, and execute permissions for all users (rwxrwxrwx or octal 777). Directories created in this way will thus be executable unless the umask restricts that.

$ umask -S
u=rwx,g=rx,o=rx

This default umask provides rw-r--r-- permission for standard files and adds execute
permission for directories, rwxr-xr-x.

You can set a new default by specifying permissions in either symbolic or binary format.
To specify the new permissions, use the -S option. The following example denies others
read permission, while allowing user and group read access, which results in permissions of
rwxr-x---:

$ umask -S u=rwx,g=rx,o=

When you use the binary format, the mask is the inverse of the permissions you want to
set. To set both the read and execute permissions on and the write permission off, you use
the octal number 2, (binary 010). To set all permissions on, you use an octal 0 (binary 000).
The following example shows the mask for the permission defaults rwx, rx, and rx (rw, r,
and r for files):

$ umask
0022

To set the default to deny all permissions only for others, you use 0027, using the binary
mask 0111 for the other permissions:
$ umask 0027


see: http://en.wikipedia.org/wiki/Umask
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)