[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Umask 002 policy

On (22/12/04 17:37), David Mandelberg wrote:
> Clive Menzies wrote:
> > For existing directories: $ chmod -R 775 should do the trick
> That will work for the directories themselves, but all files in them will be
> executable.
> 
> I wrote a (very basic) bash script that will recursively make normal files one
> permission and directories another.[1] Just download it, look at the code to
> make sure it doesn't screw anything up, chmod +x it (make sure one of the
> EXCLUDE regexes matches the file you download so it doesn't change it's own
> permissions), and run it like this: ./perm_set /home/`id -un`
> 
> Another way to do it is chmod -R u+rw,g+rw,o-w
> 
> [1] http://code.eth0.is-a-geek.org/perm_set/perm_set
Thanks David

I shall give it a whirl, when I get some head space to play with it.  I
have a very basic understanding of scripting and regexes - an
opportunity to learn ;)

However, I personally did chmod -R 770 on the basis that there aren't
usually executables in people's data files (at least not the users I'm
catering for).  Nevetheless I can see the desirability of eliminating
the possibility of malicious scripts being executed.

Regards

Clive

-- 
www.clivemenzies.co.uk ...
...strategies for business
Reply to: