HPE Community
Operating System - HP-UX
1847260 Members
3959 Online
110263 Solutions
New Discussion

umask setting

 
SOLVED
Go to solution
Anil_5
Advisor

‎12-11-2001 08:51 AM

‎12-11-2001 08:51 AM

umask setting


Hi,
What value do I set the umask for a user so that any file which gets copied or created gets default permisions of rwx-rx-x.

The max I could get the umask was rw-rw-rw.

Please advice
webapp
0 Kudos
Reply
13 REPLIES 13
Ian Dennison_1
Honored Contributor

‎12-11-2001 08:53 AM

‎12-11-2001 08:53 AM

Re: umask setting

What umask command did yuou use to get the result you show? It looks like 'umask 022'.

To achieve the result you want, use 'umask 046' in the .profile file of the relevant user (try it on the command line first)

'man umask' for more info.

Share and Enjoy! Ian
Building a dumber user
0 Kudos
Reply
Christopher McCray_1
Honored Contributor

‎12-11-2001 08:56 AM

‎12-11-2001 08:56 AM

Solution

Re: umask setting

I am certain that this is impossible, but I've been suprised before. When you have a umask set, i.e. 022, the default setting for all files created is rw-r--r-- and directories rwx-r-xr-x. the setting for 000 is, as you found rw-rw-rw for files and drwxrwxrwx for directories. Short story long, no default execute permission for files, only directories. I'm sorry to be the bearer of bad news (or if there is actually a way)

Good luck
Chris
It wasn't me!!!!
Reply
Justo Exposito
Esteemed Contributor

‎12-11-2001 08:57 AM

‎12-11-2001 08:57 AM

Re: umask setting

Hi Ani,

022 is the answer.

Regards,

Justo
Help is a Beatiful word
0 Kudos
Reply
A. Clay Stephenson
Acclaimed Contributor

‎12-11-2001 08:58 AM

‎12-11-2001 08:58 AM

Re: umask setting

The short answer is that you can't. Regular files are created with a default creation mask of 666. If you want to set the execution bit, you must explicitly do a chmod 755. If you are creating the file in C for eaxample, you can set the creation mask in the open/creat system call and achieve what you are trying in one step but from the shell it will take two steps. I would rather have you set umask to something like 022 or at least 002 and then explicitily do a chmod to extend permissions. That is a safer metrher and the chmod is going to be required in any case. Only directories are created with a creation mask of 777.
If it ain't broke, I can fix that.
0 Kudos
Reply
Praveen Bezawada
Respected Contributor

‎12-11-2001 09:02 AM

‎12-11-2001 09:02 AM

Re: umask setting

Hi
to get rw-rw-rw- , you need a umask 111

...BPK...
0 Kudos
Reply
Ian Dennison_1
Honored Contributor

‎12-11-2001 09:05 AM

‎12-11-2001 09:05 AM

Re: umask setting

A little note on your example,

rwxr-x--x will probably not allow others (non User and non Group members) to run the file, as they cannot read it.

Just in case it was not a mis-type.

Share and Enjoy! Ian
Building a dumber user
0 Kudos
Reply
Anil_5
Advisor

‎12-11-2001 09:06 AM

‎12-11-2001 09:06 AM

Re: umask setting

Thanks for the answers, we are running a webserver, so when a change is made or new .gif & .html are added into the directory they get displayed on the website immediately.,that means if the file does not get rwx-rx-x on creation or on copy the web site displays an unauthorised message.

So If I do a chmod each time the delay between file copy and excuting the command on changed file is high.
Any remedy for this, doesn't seem to be the case on Solaris.
webapp
0 Kudos
Reply
Ian Dennison_1
Honored Contributor

‎12-11-2001 09:14 AM

‎12-11-2001 09:14 AM

Re: umask setting

Does the file really need to be executable, or is this something that the application / web server insists on? What is the lowest set of permissions that the web server will support on a file to allow it to be visible?

A possible get around (which is probably slower than a chmod) is to 'cp' a dummy file with the right permissions, then copy across the actual file. This should keep the right permissions after copying.

Share and Enjoy! Ian
Building a dumber user
0 Kudos
Reply
Roger Baptiste
Honored Contributor

‎12-11-2001 09:16 AM

‎12-11-2001 09:16 AM

Re: umask setting

hi,

Yes, the max you can get for a file is rw permissions for everybody. That''s the way umask works. The exec bit is set for directories and not for files.
A sample test:
#umask
077
#touch test1
#ll test1
-rw------- 1 tester unix 0 Dec 11 12:11 test1
#umask 022
#touch test2
#ll test2
-rw-r--r-- 1 tester unix 0 Dec 11 12:11 test2
#umask 000
#touch test3
#ll test3
-rw-rw-rw- 1 tester unix 0 Dec 11 12:12 test3
#umask 011
#touch test4
#ll test4
-rw-rw-rw- 1 tester unix 0 Dec 11 12:12 test4
#umask 022
#mkdir dirtest
#ll -d dirtest
drwxr-xr-x 2 tester unix 96 Dec 11 12:12 dirtest
**

As you can see even umask of 000 will not do it.

I think there is a logic to this, because execute permission to a new file is not valid in most cases, unless it is an "'executable"' and that would happen only after you edit it (or compile it). Whereas directories would need execute permissions to allow access into their contents (i.e files).

HTH
raj
Take it easy.
0 Kudos
Reply
Anil_5
Advisor

‎12-11-2001 09:36 AM

‎12-11-2001 09:36 AM

Re: umask setting

The webserver needs rwx-rx-x(others) the others are the ones who browse the pages from a browser so the file needs execute permissions. It doesn't have to be read as only the user needs to read it.

I have checked out all options given in your prompt answers the best I could get was rw-rw-rw.

I assumed a file would take the directory's permissions. So doing a chmod 755 is the only way out it seems. Unless someone hits on a bright idea.

AJ
webapp
0 Kudos
Reply
Bill Hassell
Honored Contributor

‎12-11-2001 09:38 AM

‎12-11-2001 09:38 AM

Re: umask setting

The correct permissions for a gif or html file (or other pure data file) would be 644, not 755. It makes no sense to put execute permissions on a file that is not executable. As mentioned, umask 022 will accomplish this.

html files do not need to be executable, only readable as the shell will not interpret this code. Any files that are 666 or 777 should automatically be suspect as a security violation since they can be trashed by anyone.


Bill Hassell, sysadmin
Reply
Roger Baptiste
Honored Contributor

‎12-11-2001 09:48 AM

‎12-11-2001 09:48 AM

Re: umask setting

Anil,

Gif, Jpe or Html files do not need execute permissions to be accessed!! Read permission is sufficent to view it on the browser and write permissions for the owners of the file to manipulate it. The question of execute permission does not arise at all!

HTH
raj
Take it easy.
Reply
Darrell Allen
Honored Contributor

‎12-11-2001 10:27 AM

‎12-11-2001 10:27 AM

Re: umask setting

Hi,

I don't know your environment but I'd create the files somewhere other than the production directory, chmod them, then copy them into production. You could use cpio, tar, cp, rcp, or whatever just so long as you preserve permissions (and ownership).

Darrell
"What, Me Worry?" - Alfred E. Neuman (Mad Magazine)
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.