umask
1. View the current umask, then, for the current shell session only, set the umask to 0.
[root@localhost ~]# umask
0022
[root@localhost ~]# umask 0
[root@localhost ~]# umask
0000
[root@localhost ~]#
Note: umask pads the value with leading zeros to four digits.
2. Change into the /tmp directory, create file1 with touch and dir1 with mkdir, and view the resulting permissions.
[root@localhost user]# cd /tmp
[root@localhost tmp]# touch file1
[root@localhost tmp]# mkdir dir1
[root@localhost tmp]# ls -l
total 0
drwxrwxrwx. 2 root root 6 May 1 11:10 dir1
-rw-rw-rw-. 1 root root 0 May 1 11:10 file1
[root@localhost tmp]#
3. Mask the write permission for "other" users on newly created files, then touch file2 and view permissions.
Tip: If file permissions start at 666 and you want to "remove/mask" the write permission for other users,
then you will need to subtract the octal notation representing write permission, which is 2.
[root@localhost tmp]# umask 002
[root@localhost tmp]# touch file2
[root@localhost tmp]# ls -l
total 0
drwxr-xr-x. 2 root root 6 May 1 11:10 dir1
-rw-rw-rw-. 1 root root 0 May 1 11:10 file1
-rw-rw-r--. 1 root root 0 May 1 11:13 file2
[root@localhost tmp]#
Tip: umask 002 results in default permissions of 664 on newly created files (no execute bits, and you "masked" write for other).
4. Mask write access for group members and write access for "other", then touch file3 and view permissions.
[root@localhost tmp]# umask 022
[root@localhost tmp]# touch file3
[root@localhost tmp]# ls -l
-rw-r--r--. 1 root root 0 May 1 11:16 file3
[root@localhost tmp]#
5. Mask read and write permissions for the owner of a file, leaving read/write for both group
and other, then touch file4 and mkdir dir3 and view permissions.
[root@localhost tmp]# umask 600
[root@localhost tmp]# touch file4
[root@localhost tmp]# mkdir dir3
[root@localhost tmp]# ls -l
total 0
d--xrwxrwx. 2 root root 6 May 1 11:18 dir3
----rw-rw-. 1 root root 0 May 1 11:18 file4
[root@localhost tmp]#
6. Mask all permissions, including execute on new directories, then touch file5.
[root@localhost tmp]# umask 777
[root@localhost tmp]# touch file5
Tip: Setting umask 666 would mask all permissions on files but leave execute on directories.
Directories need execute permission in order for someone to "change into the directory".
7. For non-privileged users, mask read/write access for group and other, and make the change persistent.
[root@localhost ]# vim /etc/bashrc
if [ $UID -gt 199 ] && [ "`id -gn`" = "`id -un`" ]; then
umask 066
else
umask 022
fi
[root@localhost ]# vim /etc/profile
if [ $UID -gt 199 ] && [ "`id -gn`" = "`id -un`" ]; then
umask 066
else
umask 022
fi
Note: In order for users to have sudo privileges (a privileged user), they generally will have a
primary group of "wheel". What the script does: if the primary/effective group does not match the username
(remember that generally a user's primary/effective group is the same as the username), then the user is
considered a privileged user and gets umask 022; otherwise the user gets umask 066.
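The following is an added example written for this page; it is not part of the original lab and its helper names (new_mode, mode_to_rwx, choose_umask) and the sample accounts are assumptions. It covers steps 3 to 6, showing how the kernel actually applies a umask (it clears the umask bits from the requested mode with a bitwise AND, which is why umask 600 on a 777 directory gives 177 and why a umask bit that is already clear in the base mode changes nothing), and step 7, by expressing the /etc/bashrc condition as a function of the values it reads so the policy can be checked without logging in as each account.

```sh
#!/bin/sh
# Added example, not part of the original lab. Helper names (new_mode,
# mode_to_rwx, choose_umask) and the sample accounts are this example's own.

# Mode a new object receives: the kernel clears every bit that is set in the
# umask from the mode the program requests (666 for files, 777 for
# directories). This is a bitwise AND with the complement, not subtraction.
new_mode() {
    base=$(printf '%d' "0$1")     # leading 0 makes printf read the digits as octal
    mask=$(printf '%d' "0$2")
    printf '%03o' $(( base & ~mask & 511 ))   # 511 = 0777, keeps only permission bits
}

# Render a three-digit octal mode the way ls -l shows it.
mode_to_rwx() {
    m=$1; out=""
    while [ -n "$m" ]; do
        d=${m%"${m#?}"}; m=${m#?}    # peel off the first digit
        case $d in
            7) out="${out}rwx" ;; 6) out="${out}rw-" ;; 5) out="${out}r-x" ;;
            4) out="${out}r--" ;; 3) out="${out}-wx" ;; 2) out="${out}-w-" ;;
            1) out="${out}--x" ;; 0) out="${out}---" ;;
        esac
    done
    printf '%s' "$out"
}

# The decision made by the /etc/bashrc snippet in step 7, given the values
# it reads: $1 = UID, $2 = primary group name (id -gn), $3 = user name (id -un).
# UID above 199 with a private group named after the user -> 066, else 022.
choose_umask() {
    if [ "$1" -gt 199 ] && [ "$2" = "$3" ]; then
        printf '066'
    else
        printf '022'
    fi
}

# Walk the umask values used in steps 3 to 6 (001 added to show a no-op bit).
for u in 002 022 600 777 666 001; do
    fm=$(new_mode 666 "$u"); dm=$(new_mode 777 "$u")
    printf 'umask %s: file %s (%s)  dir %s (%s)\n' \
        "$u" "$fm" "$(mode_to_rwx "$fm")" "$dm" "$(mode_to_rwx "$dm")"
done

# Constructed sample accounts for the step 7 policy: uid, primary group, name.
printf '%s\n' "1000 alice alice" "1001 wheel bob" "150 svc svc" |
while read -r uid grp name; do
    u=$(choose_umask "$uid" "$grp" "$name")
    printf '%-6s uid=%-4s group=%-6s umask %s -> new files %s\n' \
        "$name" "$uid" "$grp" "$u" "$(mode_to_rwx "$(new_mode 666 "$u")")"
done
```

Run it with sh; the first loop reproduces the ls -l strings from steps 3 to 6 (664, 644, 066/177, 000, and 111 for a directory under umask 666), and umask 001 leaves a 666 file unchanged because files are not requested with execute in the first place. The second loop shows that the /etc/bashrc test keys on the primary group name only: an account whose primary group is wheel gets 022 regardless of UID, and supplementary group membership (what id -Gn lists) never enters the decision.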