HPE Community
Operating System - HP-UX
1833301 Members
3047 Online
110051 Solutions
New Discussion

a note about umask and trusted systems

 
someone_4
Honored Contributor

‎03-29-2002 07:30 AM

‎03-29-2002 07:30 AM

a note about umask and trusted systems

Hey everyone
there was an issue that I had here is the orig link.

http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0x41958cc5e03fd6118fff0090279cd0f9,00.html

But here is some information that I requested from HP that I wanted to share because I found it very intresting.

FR: lisa_jefferson

Hi Richard,

I did some research, and you're correct on trusted systems for 11.0 the umask was getting set to 07077. This was found to be a defect & has been corrected with the syscall:msem_lock:umask cumulative patch PHKL_23226. With this patch installed, on trusted systems the default setting for umask will be 077 .

You can download patch PHKL_23226 from the ITRC with the following steps.

Start at http://itrc.hp.com
Click on Maintenance and Support
Login with your user id and password
Click on individual patches
Click on hp-ux
Select Series <800 or 700> 11.0
Change the search option from "Search by Keyword" to "Search By Patch IDs"
Type in PHKL_23226, click on search

When the search returns download patch PHKL_23226 & its dependency patches.

FYI, an enhancement request has already been submitted to modify the umask(1)
man page when trusting a system the default umask is 077.

As you mentioned you can set the umask to 022 in /etc/profile.

Regards,


Lisa Jefferson

0 Kudos
Reply
6 REPLIES 6
someone_4
Honored Contributor

‎03-29-2002 07:35 AM

‎03-29-2002 07:35 AM

Re: a note about umask and trusted systems

Just wondering but in the man pages for umask :
Numeric Mask Value (Obsolescent)
A numeric mask replaces the current file mode creation mask. It is
specified as an unsigned octal integer, constructed from the logical
OR (sum) of the following mode bits (leading zeros can be omitted):

0400 ( a=rwx,u-r) Read by owner
0200 ( a=rwx,u-w) Write by owner
0100 ( a=rwx,u-x) Execute (search in directory) by owner
0040 ( a=rwx,g-r) Read by group
0020 ( a=rwx,g-w) Write by group
0010 ( a=rwx,g-x) Execute/search by group
0004 ( a=rwx,o-r) Read by others
0002 ( a=rwx,o-w) Write by others
0001 ( a=rwx,o-x) Execute/search by others


How is 07077 a valid umask?

Richard
0 Kudos
Reply
Chris Vail
Honored Contributor

‎03-29-2002 08:32 AM

‎03-29-2002 08:32 AM

Re: a note about umask and trusted systems

Look at man 2 chmod.

The 7077 umask would setuid and gid on execution, with record locking enforced. The file would also have read/write/execute permissions for everyone except the owner.

Its a valid umask, but it doesn't make much sense.


Chris
0 Kudos
Reply
someone_4
Honored Contributor

‎03-29-2002 08:47 AM

‎03-29-2002 08:47 AM

Re: a note about umask and trusted systems

As you see below the umask sets permsions to the owner of file to read and write and directores rwx.


/home/richard/umask> umask
07077

/home/richard/umask# mkdir root_dir
/home/richard/umask# touch root_file

/home/richard/umask# ll

total 0

drwx------ 2 root sys 96 Mar 29 10:46 root_dir
-rw------- 1 root sys 0 Mar 29 10:46 root_file

Richard
0 Kudos
Reply
S.K. Chan
Honored Contributor

‎03-29-2002 08:52 AM

‎03-29-2002 08:52 AM

Re: a note about umask and trusted systems

Hopefully this explains it .. interesting .. a new thing for me as well ..

http://bizforums.itrc.hp.com/cm/QuestionAnswer/1,,0xf2e5f841489fd4118fef0090279cd0f9,00.html
0 Kudos
Reply
Wodisch
Honored Contributor

‎03-29-2002 08:53 AM

‎03-29-2002 08:53 AM

Re: a note about umask and trusted systems

Hi,

I guess the idea was to NOT have any SUID (04000), SGID (02000), or Stickybit (01000) set upon file creation, but as those are never set automatically, it was quite useless...

Just my $0.02,
Wodisch
0 Kudos
Reply
someone_4
Honored Contributor

‎03-29-2002 09:01 AM

‎03-29-2002 09:01 AM

Re: a note about umask and trusted systems

Intresting :
#########################
Kevin Ernst


October 24, 2000 20:40 PM GMT [ 8 pts ]

--------------------------------------------------------------------------------
Peter:

I've never actually worked with a 'trusted' system (yet), but...

I'm pretty sure a umask of '07077' means:

Mask out (turn off) the setuid, setgid, and sticky bits (the first '07' part) - AND - mask out the 'group' and 'other' read/write/execute bits (the '077' part), so that directories will be created with default permissions of 'rwx --- ---' and files with permissions of 'rw- --- ---'.

You don't normally see the 'special' (setuid/setgid/sticky) bits masked out explicitly like that, which is kind of weird. I wonder if that completely prevents you from EVER accidentally creating setuid/setgid programs or 'sticky' directories without first changing the umask. Hmm...

Hopefully

#######################

I am wondering where Mr. Bill Hassell is .. I would almost bet he knows something about this issue.

Richard
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.