HPE Community
Operating System - HP-UX
1833869 Members
1749 Online
110063 Solutions
New Discussion

Override umask on a specific directory

 
Shelby K
Occasional Contributor

‎07-23-2007 06:32 AM

‎07-23-2007 06:32 AM

Override umask on a specific directory

I have two users, pd_user and oracle. Both should have read write execute access on all files under /home/pd_user regardless of what the umask setting for each of the users is. Currently umask is set to 022 for both users. I do not want to change umask as I don't want to affect permissions on files in other directories. I tried creating a default acl entry for /home/pd_user allowing oracle user rwx access. But it does not seem to work when I tried to create a test file as pd_user. It still provided only r-- access to oracle.

ls -ld /home/pd_user
drwxrwsr-x+ 2 pd_user users 8192 Jul 23 11:06 /home/pd_user

getacl /home/pd_user
# file: /home/pd_user
# owner: pd_user
# group: users
user::rwx
group::rwx
class:rwx
other:r-x
default:user:oracle:rwx
default:user:pd_user:rwx
default:group:users:rwx

getacl /home/pd_user/test.txt
# file: /home/pd_user/test.txt
# owner: pd_user
# group: users
user::rw-
user:oracle:rwx #effective:r--
user:pd_user:rwx #effective:r--
group::r--
group:users:rwx #effective:r--
class:r--
other:r--
0 Kudos
Reply
5 REPLIES 5
Todd McDaniel_1
Honored Contributor

‎07-23-2007 06:40 AM

‎07-23-2007 06:40 AM

Re: Override umask on a specific directory

Shelby,

I know that you cannot set exe permissions via umask, so that is out altogether.

The only real way I know to control that would be to have the users su - to pd_user and set the umask in .profile to match what you wanted.



Unix, the other white meat.
0 Kudos
Reply
Shelby K
Occasional Contributor

‎07-23-2007 06:46 AM

‎07-23-2007 06:46 AM

Re: Override umask on a specific directory

I do not want to change the umask for either pd_user or oracle as I do not want either of them to be able to modify files created by the other, in other directories.
0 Kudos
Reply
A. Clay Stephenson
Acclaimed Contributor

‎07-23-2007 07:13 AM

‎07-23-2007 07:13 AM

Re: Override umask on a specific directory

Then you should get used to disappointment. Some flavors of UNIX follow the BSD convention and allow the group permissions to follow those of the parent directory if the setgid bit is set on the parent directory --- but HP-UX ain't one of those. The umask is determined by the parent process.
If it ain't broke, I can fix that.
0 Kudos
Reply
Bill Hassell
Honored Contributor

‎07-23-2007 02:05 PM

‎07-23-2007 02:05 PM

Re: Override umask on a specific directory

> both should have read write execute access on all files

There is *NO* reason to have execute bits set on anything except a script. Unfortunately, there are far too many books that say: chmod 777 to 'fix' permission problems. As the man page for umask describes, a directory starts as 777 and the value for mask is subtracted from that value. Files always start as 666 and umask takes away from that value. There is no possible way (nor do you want it) to set 777 permissions on a file with a umask value. You do not want files with execute bits set *UNLESS* they are scripts.


Bill Hassell, sysadmin
0 Kudos
Reply
Dennis Handly
Acclaimed Contributor

‎07-23-2007 04:47 PM

‎07-23-2007 04:47 PM

Re: Override umask on a specific directory

>Both should have read write execute access on all files under /home/pd_user regardless of what the umask setting for each of the users is.

If your umask is 002 then having these two users in the same group would give RW permission.

Other than a crontab job to change the permissions or add ACLs, I don't see how you can solve the issue.

>Todd: I know that you cannot set exe permissions via umask, so that is out altogether.

You can use umask to not subtract the X bit, so that is just as good. Only directories and executables will have X. When you create a script, you must manually use chmod a+x.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.