Working with User, Groups, and Permissions
Part VII
Setting Default Permissions with umask:
· In the previous section, you learned how to work with default ACLs
· umask is a shell setting that determines the default permissions that you will get if you don't use ACLs
· In this section, you will learn how to modify default permissions using umask
· when creating a new file, some default permissions are set
· these permissions are determined by the umask setting
o this is a shell setting that is applied to all users when logging in to the system
o the umask setting contains a numeric value that is subtracted from the maximum permissions that can be set automatically to a file
o maximum setting for files: 666
o maximum setting for directories: 777
o there are some exceptions to this rule
· overview of umask settings in table below:
Umask values and their results:
· of the digits used in the umask, as with the numeric arguments for the chmod command, the first digit refers to end-user permissions, the 2nd digit refers to the group permissions and the last refers to default permissions set for others
· the default umask setting of 022, gives 644 for all new files and 755 for all new directories that are created on your server
· There are 2 ways to change the umask settings:
o one for all users
o one for individual users
· If you want to set umask for all users, you must make sure the umask setting is entered in the configuration file /etc/profile
o If the umask is changed in this file, it applies to all users after logging in to your server
o An alternative to setting the umask setting in /etc/profile, where it is applied to all users logging into the system, is to change the umask settings in a file with the name .profile OR .bash_profile OR .bashrc, which is created in the home directory of an individual user
§ settings applied in these files are for the individual user only
· Personal environment variables and startup programs should go in ~/.bash_profile
· System wide environment variables and startup programs are in /etc/profile
· Personal aliases and functions are in ~/.bashrc
Additional Info:
Breakdown:
umask u+w
umask u-x,g=r,o+w
umask a=
We covered this, but I wanted to add again, to reinforce:
Example 2:
Example 3:
#umask 022
#umask
Now, let's create a new file:
#touch testfile2
#ls -l testfile*
Here are some other example umask commands:
#umask a+r
#umask a-x
#umask u=rw,go=
#umask 777
#umask 000
Working with Attributes:
List of the most useful attributes:
Example: #chattr +i somefile
-- applies the attribute "i" to somefile
-- To remove: #chattr -s somefile
Real example:
# chattr +i myfile (change attribute of file)
# lsattr myfile (show attribute of file)
# rm myfile (should get an error)
Summary for the entire section of this Program:
· You have learned:
o How to set up your server with users and groups
how to use permissions and attributes to make sure users