Working with User, Groups, and Permissions

Working with User, Groups, and Permissions

Part VII

Setting Default Permissions with umask:

·  In the previous section, you learned how to work with default ACLs

·  umask is a shell setting that determines the default permissions that you will get if you don't use ACLs

·  In this section, you will learn how to modify default permissions using umask

·  when creating a new file, some default permissions are set

·  these permissions are determined by the umask setting

o  this is a shell setting that is applied to all users when logging in to the system

o  the umask setting contains a numeric value that is subtracted from the maximum permissions that can be set automatically to a file

o  maximum setting for files: 666

o  maximum setting for directories: 777

o  there are some exceptions to this rule

·  overview of umask settings in table below:

Umask values and their results:

·  of the digits used in the umask, as with the numeric arguments for the chmod command, the first digit refers to end-user permissions, the 2nd digit refers to the group permissions and the last refers to default permissions set for others

·  the default umask setting of 022, gives 644 for all new files and 755 for all new directories that are created on your server

·  There are 2 ways to change the umask settings:

o  one for all users

o  one for individual users

·  If you want to set umask for all users, you must make sure the umask setting is entered in the configuration file /etc/profile

o  If the umask is changed in this file, it applies to all users after logging in to your server

o  An alternative to setting the umask setting in /etc/profile, where it is applied to all users logging into the system, is to change the umask settings in a file with the name .profile OR .bash_profile OR .bashrc, which is created in the home directory of an individual user

§  settings applied in these files are for the individual user only

·  Personal environment variables and startup programs should go in ~/.bash_profile

·  System wide environment variables and startup programs are in /etc/profile

·  Personal aliases and functions are in ~/.bashrc

Additional Info:

Breakdown:

umask u+w

umask u-x,g=r,o+w

umask a=

We covered this, but I wanted to add again, to reinforce:

Example 2:

Example 3:

#umask 022

#umask

Now, let's create a new file:

#touch testfile2

#ls -l testfile*

Here are some other example umask commands:

#umask a+r

#umask a-x

#umask u=rw,go=

#umask 777

#umask 000

Working with Attributes:

List of the most useful attributes:

Example: #chattr +i somefile

-- applies the attribute "i" to somefile

-- To remove: #chattr -s somefile

Real example:

# chattr +i myfile (change attribute of file)

# lsattr myfile (show attribute of file)

# rm myfile (should get an error)

Summary for the entire section of this Program:

·  You have learned:

o  How to set up your server with users and groups

how to use permissions and attributes to make sure users