Re: Help! File permissions keep changing...
This probably belongs on the Debian User list rather than the Security
list, but anyway, here is your answer.
> What do I need to change the 022 setting to be for -rwxrwx--- ?
1) umask 007 will allow a user to create a file with permissions
-rw-rw---- or 0660. To make the file executable the user would have to
chmod the file. (Read the chmod man page.) The easiest form is not the
simplest to understand, chmod 770 filename. Easier to understand is
chmod u+x, g+x filename.
2) Referring back to your original post, the only user who can change
the owner of a file is the owner of that file, with the chown command.
For someone else to apparently change the owner of a file this means
they first deleted the file then rewrote it (created a new file) to make
it their own. The only way this can happen is due to directory
permissions. If the users all have write permissions to the directory,
then obviously they have permission to delete and create any files in
the directory, not just their own. I repeat, this is a function of
directory permissions, not file permissions. To prevent this, you could
add the sticky bit to the directory so only the owners can delete
files. From the chmod man page:
When the sticky bit is set on a directory, files in that
be unlinked or renamed only by root or their owner. Without the
bit, anyone able to write to the directory can delete or rename
The sticky bit is commonly found on directories, such as /tmp,
Play around with umask, chmod, chown etc, you'll get it figured out...
But this is all basic UN*X. You should know this if you are
administering a 50 user site...