
file permissions query

iinfi1
Super Advisor


hi all,
i need to do a couple of things.
1) I need all files or folders created in a folder "data" to have group owner as abc.
2) files created in the directory should have 660 as permission and folders should have 550. Is this possible? i know it is possible if the folders are part of samba and rights need to be assigned to samba users, thru create mask and directory mask. but for unix users is it possible?

i could achieve point 1 with
chgrp abc /data
chmod g+s /data
this ensures that all files or folders which are created further in the folder will have the same group owner.
8 REPLIES
Matti_Kurkela
Honored Contributor

Re: file permissions query

2)
Permissions 550 for folders, i.e. dr-xr-x---? In that case, only root can write into those folders, so they won't be very useful for regular users.

Maybe you want 770 for folders instead, i.e. drwxrwx---?

The default permissions for unix users are controlled by a parameter called "umask". Unfortunately, it cannot be set for a directory tree, as the umask value is a property of processes, not directories.

But the designers of most Linux distributions have been clever: usually, each user is assigned his/her own primary group so that nobody else belongs to that group and the group's GID equals the user's UID. This means there is no harm in setting the users' default umask to a value that allows group writes, since the group will usually contain only the user him/herself. Only in directories with "chmod g+s", the group owner gets a different value... which is probably exactly what you want.

To get permission 660 for regular files and 770 for directories, you should set the umask to 007 (in umask, you set the permission bits you wish to always take away).

Just add the command "umask 007" to the end of /etc/profile, then ask your users to logout & log back in and you're done.

MK
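
The umask arithmetic from the reply above, combined with the setgid directory from the original question, as an added example that is not part of any poster's message. It assumes GNU stat, works in a throwaway temp directory instead of /data, and uses the caller's own primary group in place of "abc".

```shell
#!/bin/sh
# Added example. Runs in a throwaway temp directory and uses the caller's own
# primary group in place of the thread's "abc" group (assumption).

# modes_under_umask MASK -> prints "<file mode> <dir mode>" for objects
# created inside a setgid directory by a process running with umask MASK.
modes_under_umask() {
    mask=$1
    top=$(mktemp -d) || return 1
    chmod 2770 "$top"            # g+s: new entries inherit the directory's group
    (
        umask "$mask"            # umask is per-process, so confine it to a subshell
        : > "$top/file"          # files are requested with mode 666
        mkdir "$top/dir"         # directories are requested with mode 777
    )
    printf '%s %s\n' "$(stat -c %a "$top/file")" "$(stat -c %a "$top/dir")"
    rm -rf "$top"
}

# Compare the common default (022), a private mask (077) and the
# group-shared mask suggested in the thread (007).
for m in 022 077 007; do
    printf 'umask %s -> %s\n' "$m" "$(modes_under_umask "$m")"
done
```

The leading 2 in the directory mode is the setgid bit, which new subdirectories inherit from the parent; the remaining digits are 666 or 777 with the umask bits removed.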
Dennis Handly
Acclaimed Contributor

Re: file permissions query

>MK: then ask your users to logout & log back in

Or have them execute the "umask 007" command if they have a shell and you don't care if they know.
iinfi1
Super Advisor

Re: file permissions query

thank you Matti and Dennis.
i was able to achieve what i needed.

when i add the linux umask 007 in /etc/profile in SLES11 the new files created had the permissions 660 and folders 770. Perfect.

when i tried the same in CentOS changing anything in /etc/profile didn't work.
the file /etc/login.defs had the following lines
# The permission mask is initialized to this value. If not specified,
# the permission mask will be initialized to 022.
UMASK 077

still the umask run on command line showed the value 0022
[u1@localhost ~]$ umask
0022

i had to add the line at the end of bashrc.
umask 007

well this confused me a bit. i read why umask is used from this link http://www.cyberciti.biz/tips/understanding-linux-unix-umask-value-usage.html
is it that /etc/login.defs and /etc/profile files are not read by CentOS to assign the umask values? or is it that bashrc is what controls umask values in CentOS?

Matti_Kurkela
Honored Contributor
Solution

Re: file permissions query

Bashrc is executed after /etc/profile, so setting the umask there will override all previous settings in /etc/login.defs or /etc/profile.

The logic is as follows:
First the login process will initialize very basic & safe environment using /etc/login.defs. After that, the user's shell is started. The shell will execute one or more start-up scripts, depending on the type of the user's shell. Any of these scripts may augment or override the previous environment settings.

For the bash shell (the default shell of RHEL and CentOS), see "man bash", chapter "INVOCATION" on what login scripts bash will execute and in which order.

MK
iinfi1
Super Advisor

Re: file permissions query

thank you sir ... wish you a very happy new year :)
iinfi1
Super Advisor

Re: file permissions query

well i just thought i got most of the things going when i found there is another issue.
having a line
umask 007
at the end of /etc/bashrc
results in changing the umask of only those users who ssh into the machine. And not the users who login thru GNOME.
there is no effect if I add the line 'umask 007' to the /etc/profile or /etc/login.defs.

[arvind@home ~]$ umask
0022

my actual requirement was to have the 007 umask only in a few mounted drives.
so i changed the fstab to the following

/dev/vg1/root / ext3 defaults 1 1
/dev/vg2/data /data_vms/data ext3 umask=007 1 2
/dev/vg1/arvind /data_vms/arvind ext3 defaults 1 2

the umask value in the fstab has no effect, in fact it throws an error!
docs which i went thru showed me umask works for vfat partitions. does it not work for ext3!!
more docs i go thru i get confused more ... :(
Stuart Browne
Honored Contributor

Re: file permissions query

Sadly, having different mask requirements for files and directories makes life fairly difficult for most Linux systems.

Given the specific nature of your requirements, you'll probably want to look at mounting the filesystem with ACL support, then using tools to set the default file and directory ownership / permissions, i.e.

getfacl / setfacl
One long-haired git at your service...
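
A sketch of the default-ACL approach suggested above, as an added example that is not the poster's own commands. It shows a default ACL set with setfacl giving group-writable results in one directory only, while the process umask stays at 022. Temp directories stand in for /data, and the directory's owning group entry (g::) stands in for "abc"; GNU stat is assumed.

```shell
#!/bin/sh
# Added example; temp directories stand in for /data, and the directory's
# owning group stands in for "abc" (assumptions).

# acl_vs_umask -> prints "<file> <dir> <file> <dir>": modes created under
# umask 022 in a directory with a default ACL, then in one without.
# Prints "unsupported" when setfacl or filesystem ACL support is missing.
acl_vs_umask() {
    command -v setfacl >/dev/null 2>&1 || { echo unsupported; return 0; }
    top=$(mktemp -d) || return 1
    mkdir "$top/shared" "$top/plain"
    # -d sets the *default* ACL, which new entries inherit instead of
    # having the creating process's umask applied.
    if ! setfacl -d -m u::rwx,g::rwx,o::--- "$top/shared" 2>/dev/null; then
        rm -rf "$top"; echo unsupported; return 0
    fi
    (
        umask 022                # the usual restrictive login default
        for d in shared plain; do
            : > "$top/$d/file"
            mkdir "$top/$d/dir"
        done
    )
    printf '%s %s %s %s\n' \
        "$(stat -c %a "$top/shared/file")" "$(stat -c %a "$top/shared/dir")" \
        "$(stat -c %a "$top/plain/file")"  "$(stat -c %a "$top/plain/dir")"
    rm -rf "$top"
}

acl_vs_umask
```

Files still come out without execute bits because they are requested with mode 666, so a default ACL gives the 660/770 pair per directory but not 660 files alongside 550 directories.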
iinfi1
Super Advisor

Re: file permissions query

ACLs?? ohk ... thanks for your help. I thought there could be a better way to do it.
Thanks again.