
umask 07077 on Trusted Systems

 
SOLVED
Midrange Team
Advisor

umask 07077 on Trusted Systems

We have converted our L1000 HP-UX 11.00 to be a trusted system and I have a query which I can't seem to track down. The default umask for root is now 07077? Has anyone seen this before and if so what does it mean and where is it set?
Thanks
Kevin Ernst
Regular Advisor
Solution

Re: umask 07077 on Trusted Systems

Peter:

I've never actually worked with a 'trusted' system (yet), but...

I'm pretty sure a umask of '07077' means:

Mask out (turn off) the setuid, setgid, and sticky bits (the first '07' part) - AND - mask out the 'group' and 'other' read/write/execute bits (the '077' part), so that directories will be created with default permissions of 'rwx --- ---' and files with permissions of 'rw- --- ---'.

You don't normally see the 'special' (setuid/setgid/sticky) bits masked out explicitly like that, which is kind of weird. I wonder if that completely prevents you from EVER accidentally creating setuid/setgid programs or 'sticky' directories without first changing the umask. Hmm...

Hopefully someone who really knows will pick back up on your question. =)
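
The bit arithmetic described in the reply above, as an added example that is not part of the original thread: it decodes the mask string, computes the modes left for a file and a directory, and then creates both on the local host to compare. The function names are made up for this example, and the arithmetic for the leading '07' digits is the literal reading given in the reply, not a statement of how the HP-UX kernel treats them.

```python
import os
import stat
import tempfile

SPECIAL = ((stat.S_ISUID, "setuid"), (stat.S_ISGID, "setgid"), (stat.S_ISVTX, "sticky"))

def decode_umask(text):
    """Split an octal umask string such as '07077' into the bits it masks out."""
    mask = int(text, 8)
    special = [name for bit, name in SPECIAL if mask & bit]
    classes = {}
    for who, shift in (("user", 6), ("group", 3), ("other", 0)):
        bits = (mask >> shift) & 0o7
        classes[who] = "".join(c if bits & b else "-" for c, b in (("r", 4), ("w", 2), ("x", 1)))
    return mask, special, classes

def effective_mode(requested, mask):
    """Mode left after clearing every bit set in mask (pure arithmetic, all 12 bits)."""
    return requested & ~mask & 0o7777

def create_under_umask(mask):
    """Create a file (0666 requested) and a directory (0777 requested) under the
    mask and return the permission bits the filesystem actually recorded."""
    # Assumption: only the nine rwx bits go to os.umask(); POSIX leaves the
    # meaning of any higher bits in the mask implementation-defined.
    old = os.umask(mask & 0o777)
    try:
        with tempfile.TemporaryDirectory() as tmp:
            f, d = os.path.join(tmp, "f"), os.path.join(tmp, "d")
            os.close(os.open(f, os.O_CREAT | os.O_WRONLY, 0o666))
            os.mkdir(d, 0o777)
            return (os.stat(f).st_mode & 0o777, os.stat(d).st_mode & 0o777)
    finally:
        os.umask(old)  # always restore the caller's mask

if __name__ == "__main__":
    mask, special, classes = decode_umask("07077")
    print("special bits masked:", special)
    print("rwx bits masked:", classes)
    print("file 0666 -> %04o, dir 0777 -> %04o" % (effective_mode(0o666, mask), effective_mode(0o777, mask)))
    print("created on this host: %04o %04o" % create_under_umask(mask))
```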
Kevin Ernst
Regular Advisor

Re: umask 07077 on Trusted Systems

Doh!

Sorry! The thing barfed on me the first two times.
Kevin Ernst
Regular Advisor

Re: umask 07077 on Trusted Systems

I just really, *really* wanted to answer your question! =)
Midrange Team
Advisor

Re: umask 07077 on Trusted Systems

Kevin,

Thanks for that info. We have since found that if you convert to a trusted system the default is indeed 07077. However, what is strange is that you can't actually set that umask; it comes back with: the specified number is not valid for this command.
Kevin Ernst
Regular Advisor

Re: umask 07077 on Trusted Systems

I'd seen a 'umask' of something like '02022' before, when I didn't actually ask for the '02' part. The man page for 'umask' mentions nothing about masking out the 'special' bits, so it didn't make a whole lot of sense to me.

In most shells, I think, 'umask' is a shell built-in which will have precedence over the actual /usr/bin/umask command. You might go after the documentation for the particular shell you're running to see if there are any answers there.