Re: Help! File permissions keep changing...

[John Hardcastle <johnhardcastle@ihug.co.nz>]

This probably belongs on the Debian User list rather than the Security 
list, but anyway, here is your answer.

> What do I need to change the 022 setting to be for -rwxrwx--- ?

1) umask 007 will allow a user to create a file with permissions 
-rw-rw---- or 0660.  To make the file executable the user would have to 
chmod the file.  (Read the chmod man page.)  The easiest form is not the 
simplest to understand, chmod 770 filename.  Easier to understand is 
chmod u+x, g+x filename.
2) Referring back to your original post, the only user who can change 
the owner of a file is the owner of that file, with the chown command.  
For someone else to apparently change the owner of a file this means 
they first deleted the file then rewrote it (created a new file) to make 
it their own.  The only way this can happen is due to directory 
permissions.  If the users all have write permissions to the directory, 
then obviously they have permission to delete and create any files in 
the directory, not just their own.  I repeat, this is a function of 
directory permissions, not file permissions. To prevent this, you could 
add the sticky bit to the directory so only the owners can delete 
files.   From the chmod man page:

STICKY DIRECTORIES
      When  the sticky bit is set on a directory, files in that 
directory may
      be unlinked or renamed only by root or their owner.  Without the 
sticky
      bit,  anyone able to write to the directory can delete or rename 
files.
      The sticky bit is commonly found on directories, such as /tmp, 
that are
      world-writable.

Play around with umask, chmod, chown etc, you'll get it figured out...

John



But this is all basic UN*X.  You should know this if you are 
administering a 50 user site...

>