
Re: umask



ktb wrote:
> 
> Andrew McRobert wrote:
> >
> > hi all
> >
> > When a user creates a new directory/file in their home directory, the setuid
> > bit is always set for group members, ie.
> >
> > drwxr-sr-x
> >
> > umask = 022, what do I need to set it to, for new files to = drwxr-xr-x ...
> > and is this ok security-wise ... the execute bit?
> >
> > thanks
> >
> > Andrew
> 
> I'm not very good with numeric file modes.  I usually use symbolic but I
> think the permissions you want would be 755. 
>
> Assuming that is correct you subtract that number from 777 to get the
> umask number-- 777-755=22 

 careful- the operation is a binary AND of the ones' complement of the
umask.  A subtract might generate a borrow, which would interfere with
adjacent bits and have very unexpected results.

 look at 'man 2 umask' which describes the C function call, yet
provides some insight into how the umask actually works.  Remember that
this is a 9 bit octal field (3 groups of 3 'rwx' bits).

       umask sets the umask to mask & 0777.

       The  umask  is used by open(2) to set initial file permis­
       sions on a newly-created file.  Specifically,  permissions
       in  the  umask  are  turned  off from the mode argument to
       open(2) (so, for example, the common umask  default  value
       of 022 results in new files being created with permissions
       0666 & ~022 = 0644 = rw-r--r-- in the usual case where the
       mode is specified as 0666).

ron
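
The difference between masking and subtracting described in the message above, as an added example that is not part of the original thread: it compares `mode & ~umask` with the subtraction shortcut for a requested mode of 0666 and checks the result against a file actually created with open(2). The function names, the sample umask values 027 and 077, and the scratch path under /tmp are assumptions made for the illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* What open(2) applies: clear every requested bit that is set in the umask. */
static mode_t masked_mode(mode_t requested, mode_t mask)
{
    return requested & ~(mask & 0777);
}

/* The "subtract from the mode" shortcut, kept only for comparison. */
static mode_t subtracted_mode(mode_t requested, mode_t mask)
{
    return requested - mask;
}

/* Create a scratch file under `mask` and return the permission bits it
 * received, or (mode_t)-1 on failure. The /tmp path is constructed for this
 * demo; O_EXCL makes open(2) fail rather than reuse an existing name. */
static mode_t created_mode(mode_t requested, mode_t mask)
{
    char path[64];
    struct stat st;
    mode_t result = (mode_t)-1;

    snprintf(path, sizeof path, "/tmp/umask-demo-%ld", (long)getpid());
    mode_t old = umask(mask);
    int fd = open(path, O_CREAT | O_EXCL | O_WRONLY, requested);
    umask(old);                       /* restore the caller's umask */
    if (fd < 0)
        return result;
    if (fstat(fd, &st) == 0)
        result = st.st_mode & 07777;
    close(fd);
    unlink(path);
    return result;
}

int main(void)
{
    const mode_t masks[] = { 022, 027, 077 };   /* sample umask values */
    for (size_t i = 0; i < sizeof masks / sizeof masks[0]; i++)
        printf("umask %03o: AND %04o  subtract %04o  open(2) %04o\n",
               (unsigned)masks[i], (unsigned)masked_mode(0666, masks[i]),
               (unsigned)subtracted_mode(0666, masks[i]),
               (unsigned)created_mode(0666, masks[i]));
    return 0;
}
```

With umask 022 the two calculations agree because no octal digit borrows; with 027 the subtraction yields 0637 (group write/execute and world rwx) where the real result is 0640.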


