topic Re: file permissions query in Operating System - Linux

file permissions query

iinfi1 — Tue, 29 Dec 2009 18:53:15 GMT

hi all,
i need to do a couple of things.
1)I need all files or folders created in a folder "data" to have group owner as abc.
2)files created in the directory should have 660 as permission and folders should have 550. Is this possible? i know it is possible if the folders are part of samba and rights need to be assigned to samba users. thru create mask and directory mask. but for unix users is it possible?

i could do achieve the point 1 with
chgrp abc /data
chmod g+s /data
this ensures that all files or folders which are created further in the folder will have the same group owner

Re: file permissions query

Matti_Kurkela — Tue, 29 Dec 2009 19:44:12 GMT

2)
Permissions 550 for folders, i.e. dr-xr-x---? In that case, only root can write into those folders, so they won't be very useful for regular users.

Maybe you want 770 for folders instead, i.e. drwxrwx---?

The default permissions for unix users are controlled by a parameter called "umask". Unfortunately, it cannot be set for a directory tree, as the umask value is a property of processes, not directories.

But the designers of most Linux distributions have been clever: usually, each user is assigned his/her own primary group so that nobody else belongs to that group and the group's GID equals the user's UID. This means there is no harm in setting the users' default umask to a value that allows group writes, since the group will usually contain only the user him/herself. Only in directories with "chmod g+s", the group owner gets a different value... which is probably exactly what you want.

To get permission 660 for regular files and 770 for directories, you should set the umask to 007 (in umask, you set the permission bits you wish to always take away).

Just add the command "umask 007" to the end of /etc/profile, then ask your users to logout & log back in and you're done.

MK

Re: file permissions query

Dennis Handly — Wed, 30 Dec 2009 16:33:39 GMT

>MK: then ask your users to logout & log back in

Or have them execute the "umask 007" command if they have a shell and you don't care if they know.

Re: file permissions query

iinfi1 — Thu, 31 Dec 2009 10:33:18 GMT

thank you Matti and Dennis.
i was able to achieve what i needed.

when i add the linux umask 007 in /etc/profile in SLES11 the new files created had the permissions 660 and folders 770. Perfect.

when i tried the same in Cent OS changing anything in /etc/profile didnt work.
the file /etc/login.defs had the following lines
# The permission mask is initialized to this value. If not specified,
# the permission mask will be initialized to 022.
UMASK 077

still the umask run on command line showed the value 0022
[u1@localhost ~]$ umask
0022

i had to add the line in at the end of bashrc.
umask 007

well this confused me a bit. i read why umask is used frm this link http://www.cyberciti.biz/tips/understanding-linux-unix-umask-value-usage.html
is it that /etc/login.defs and /etc/profile files are not read by CentOS to assign the umask values. or is it that basrc is what controls umask values in CentOS

Re: file permissions query

Matti_Kurkela — Thu, 31 Dec 2009 14:16:57 GMT

Bashrc is executed after /etc/profile, so setting the umask there will override all previous settings in /etc/login.defs or /etc/profile.

The logic is as follows:
First the login process will initialize very basic & safe environment using /etc/login.defs. After that, the user's shell is started. The shell will execute one or more start-up scripts, depending on the type of the user's shell. Any of these scripts may augment or override the previous environment settings.

For the bash shell (the default shell of RHEL and CentOS), see "man bash", chapter "INVOCATION" on what login scripts bash will execute and in which order.

MK

Re: file permissions query

iinfi1 — Thu, 31 Dec 2009 20:48:03 GMT

thank you sir ... wish you a very happy new year :)

Re: file permissions query

iinfi1 — Sun, 03 Jan 2010 15:50:49 GMT

we i jus thought i got most of the things going when i found there is another issue.
having a line
umask 007
at the end of /etc/bashrc
results in changing the umask of only those users who ssh into the machine. And not the users who login thru GNOME.
there is no effect if I add the line 'umask 007' to the /etc/profile or /etc/login.defs.

[arvind@home ~]$ umask
0022

my actual requirement was to have the 007 umask only in a few mounted drives.
so i changed the fstab to the following

/dev/vg1/root / ext3 defaults 1 1
/dev/vg2/data /data_vms/data ext3 umask=007 1 2
/dev/vg1/arvind /data_vms/arvind ext3 defaults 1 2

the umask value in the fstab has no effect, infact it throws an error!
docs which i went thru showed me umask works for vfat partitions. does it not work for ext3!!
more docs i go thru i get confused more ... :(

Re: file permissions query

Stuart Browne — Tue, 05 Jan 2010 07:02:41 GMT

Sadly, having different mask requirements for files and directories makes life fairly difficult for most Linux systems.

Given the specific nature of your requirements, you'll probably want to look at mounting the filesystem with ACL support, then using tools to set the default file and directory ownership / permissions, i.e.

getfacl / setfacl

Re: file permissions query

iinfi1 — Tue, 05 Jan 2010 13:20:53 GMT

ACLs?? ohk ... thanks for your help. I thought there could be a better way to do it.
Thanks again.