Hi folks,
Thanks for all responses:
Rich Pieri <rich.pieri@prescienttech.com>
Steve Franks <scf@nabaus.com.au>
Michael Sullivan <mike@trdlnk.com>
Stephen Harris <sweh@mpn.com>
Glenn Satchell - Uniq Professional Services <Glenn.Satchell@uniq.com.au>
Casper Dik <casper@holland.Sun.COM>
Brian White <white@erim.org>
Tom Henning <tom@waldtsvr.ksc.nasa.gov>
All of them were very insightful and didatic to me.
Best regards for all, Ricardo Ferraro.
________________________________________________________________
Date: 15 May 1997 21:20:01 -0400
From: Rich Pieri <rich.pieri@prescienttech.com>
To: "Ricardo Ferraro G. da Silva" <rferraro@ci.rnp.br>
Subject: Re: Setting correct umask
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "RFGdS" == Ricardo Ferraro G da Silva <rferraro@ci.rnp.br> writes:
RFGdS> I am trying to set any new file to permission 755. When I put
RFGdS> "umask 022" in .cshrc I get permission 644 instead of 755. When I
RFGdS> put "umask 000" I get permission 666 for the new files. This happens
RFGdS> for a normal user belonging to groupid 3000 or if I am superuser.
Right. It is a security "feature". Under modern Unixes, umask cannot be
used to set execute permissions on files, only directories where execute is
synonymous with "searchable".
RFGdS> Everywhere (books or man pages) I even see people talking that the
RFGdS> "default permission" is 777.
They are wrong. 777 is "global" read, write, and execute permission,
something you do not generally want to happen.
-----BEGIN PGP SIGNATURE-----
Version: 4.0 Business Edition
Charset: noconv
iQCVAwUBM3u2PJ6VRH7BJMxHAQGMrwP/R4l2N5+/YhpJ/WP8Opj9aCN5MNIOl9QV
7sm9apWkcAjUrm+KLmQIM7rJ9mxMB715t+gPRcTLUtjzQ9WLodFEfpNFN2cymM9q
dJtVPZWjD0HAZ25q/+CME0tKAuG3lR1B3QVCGtL6qBUZjl6nvYkeCcRdQNbHiizR
PFX9Y2pRZdQ=
=iJrA
-----END PGP SIGNATURE-----
________________________________________________________________
Date: Fri, 16 May 1997 13:30:23 +1000
From: Steve Franks <scf@nabaus.com.au>
To: "Ricardo Ferraro G. da Silva" <rferraro@ci.rnp.br>
Subject: Re: Setting correct umask
Ricardo,
defaults are 777 for directories & 666 for files. Each digit corresponds
to the permissions for user, group & other respectively.
The umask is subtracted from 777 / 666 to give the permission set.
So, if I have a umask 022, 666-022 leaves 644. As r=4, w=2, x=1,
644 is user rwx (4+2+1) group r-- (4) others r-- (4).
For a directory, 777-022 leaves 755 which translates to rwxr-xr-x
A value of 7 equates to rwx on a directory even though the rwx
permissions themselves add to 6. In general, a directory will need a
little more permission freedom than a file eg, to execute a file in a
directory you must first be able to read it. The default of 777 allows
you to get that slightly freer permission set.
You cannot get a permission set of 7 for any user on any file or
directory. If the result of applying the umask is 7 then the system
will apply permission set of 6.
Hope this clarifies things for you.
Regards,
Steve
________________________________________________________________
Date: Fri, 16 May 1997 00:30:04 -0500
From: Michael Sullivan <mike@trdlnk.com>
To: rferraro@ci.rnp.br
Subject: Re: Setting correct umask
There is no such thing as a "default permission" in UNIX. The umask
is, as the name implies, merely a mask. Bits set in the umask value
are cleared from the mode value passed to the open and creat system
calls, which are the means by which all regular files are created.
Unless the program creating the file intends it to be executable, it
will not set the executable mode bits in the mode value it passes to
those system calls. Since the umask value can only clear mode bits, not
set them, there is no way using the umask to add to the permissions
with which a file is created; you can only subtract permissions.
If you want a particular program to create executable files, you could
modify that program to pass an appropriate mode value including the
executable permissions to the open or creat system call, but this is
generally a bad idea, and not done, even by programs that do generate
executables, because then the new file is subject to inadvertent execution
before it is fully written, with unpredictable results. Instead, most
such programs create the file without executable permissions, and only
after the file has been fully written do they change its mode (e.g.
with the chmod system call, or corresponding command) to add the
desired executable permissions.
________________________________________________________________
Date: Fri, 16 May 1997 07:19:19 +0100 (BST)
From: Stephen Harris <sweh@mpn.com>
To: rferraro@ci.rnp.br
Subject: Re: Setting correct umask
When you create a *file* then the "open()" call has a mask in the call.
For normal shell redirects this mask is 0666. This is then modify by the
umask. Thus a file is not possible to be mode 0777 using normal shell
commands
eg echo test > filename
will do open("filename",....,0666)
You can't change this. In your own C (or Perl) programs you can change
it, but not in the shell.
Check out the archives for other answers to this question.
________________________________________________________________
Date: Fri, 16 May 1997 09:40:57 +1000 (EST)
From: Glenn Satchell - Uniq Professional Services
<Glenn.Satchell@uniq.com.au>
To: rferraro@ci.rnp.br
Subject: Re: Setting correct umask
The difference between 777 and 666 is that the execute bit is
set for all users. When you create a file the execute bit is not
set automatically (the compiler is an exception and will set th
eexecute bit on the compiled program). If you're creating shell
scripts then you need to manually set the execute bits (the 'x'
in a ls -l listing).
So umask 022 is the right value to get read and write for the
owner and read for all others. You then need to do chmod +x
'files' to set the execute bits.
regards,
--
Glenn Satchell glenn@uniq.com.au www.uniq.com.au | Windows:
Uniq Professional Services Pty Ltd ACN 056 279 335 |
PO Box 70, Paddington, NSW 2021, (Sydney) Australia | Just another pane
Phone 02 9380 6360 Pager 016 287 000 Fax 02 9380 6416 | in the glass...
VISIT OUR WEB SITE http://www.uniq.com.au
________________________________________________________________
Date: Fri, 16 May 1997 09:58:25 +0200
From: Casper Dik <casper@holland.Sun.COM>
To: "Ricardo Ferraro G. da Silva" <rferraro@ci.rnp.br>
Subject: Re: Setting correct umask
>Dear managers,
>
> Sorry for this simple problem, but I couldn't find yet, any reference in
>books or man pages' that could help.
>
> I am trying to set any new file to permission 755. When I put "umask 022"
>in .cshrc I get permission 644 instead of 755. When I put "umask 000" I
>get permission 666 for the new files. This happens for a normal user
>belonging to groupid 3000 or if I am superuser.
>
> Everywhere (books or man pages) I even see people talking that the
>"default permission" is 777.
That's not quite correct; there is no default permission. All applications
specify a permission flag when opening a file for creation, either with
creat(file, 0xxx) or open(file, O_CREAT |...., 0xxx).
This value is and'ed with ~umask to give the effective permissions.
Typically, programs dont' create executable and use mode 0666 when
creating a file (fopen() also does that).
mkdir(), otoh, is most often called with 0777, as directories do need to
execute
bit set to be usable.
Typically, programs like ld will turn on the execute bit when they make
an executable.
> How can I discover the real "default permission", and how can I change
>the actual 666 permission to 777 ?
You can't; this is hardcoded in applications and libraries.
Typically, this is a good thing as you don't normally create executables
with editors and such.
why do you want all files to have execute permission?
Casper
________________________________________________________________
Date: Fri, 16 May 1997 08:14:58 -0400
From: Brian White <white@erim.org>
To: "Ricardo Ferraro G. da Silva" <rferraro@ci.rnp.br>
Subject: Re: Setting correct umask
Hi,
If you set your umask to 022 and then touch a file, it will have
permission 644. When you create a file, Solaris does not make it
executable by default. Now, once you've set your umask and you copy in
a file that was already executable, the permissions will be 755. I
think I understand what you're trying to do, but I don't think you
really want every file you create to be executable. That could get very
confusing. Anyway, that's my 2 cents.
Hope it helped.
Brian White white@erim-int.com
ERIM International, Inc Ann Arbor, MI
________________________________________________________________
Date: Fri, 16 May 1997 09:04:53 -0400 (EDT)
From: Tom Henning <tom@waldtsvr.ksc.nasa.gov>
To: rferraro@ci.rnp.br
Subject: Re: Setting correct umask
>
> Dear managers,
>
> Sorry for this simple problem, but I couldn't find yet, any reference in
> books or man pages' that could help.
>
<snip>
I could not find this in the manual pages, but it sticks in memory that
the default permissions given newly created files is 666 and the default
permissions for newly created directories is 777. This would explain
why you could not get new files to be created with 755 permissions,
since umask only subtracts permission bits.
Try this:
umask 0
touch /tmp/new_file
mkdir /tmp/new_dir
ls -ld /tmp/new_*
On my system, the file lists with 666 permissions and the directory
lists with 777 permissions.
This is supposed to be a security related feature. No file is ever
created, by default, runnable. Execute permissions have the be explicitly
turned on.
YMMV
Good Luck!
________________________________________________________________
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:11:55 CDT