Checking File Permissions and Ownership for Security
A simple way to calculate umask values is to remember that the number 2 in the umask turns off write permission, while 7 turns off read, write, and execute permission.
The umask (UNIX shorthand for “user file-creation mode mask”) is a four-digit octal number that UNIX uses to determine the file permission for newly created files. Every process has its own umask, inherited from its parent process.
The umask specifies the permissions you do not want given by default to newly created files and directories. umask works by doing a bitwise AND with the bitwise complement of the umask. Bits that are set in the umask correspond to permissions that are not automatically assigned to newly created files.
The most common umask values are 022, 027, and 077. A umask value of 022 lets the owner both read and write all newly created files, but everybody else can only read them:
(0022) umask
0644 resultant mode
A umask value of 077 lets only the file’s owner read all newly created files:
A recent trend among computing centers has been to set up new accounts with a umask of 077, so a user’s files will, by default, be unreadable by anyone else on the system unless the user makes a conscious choice to make them readable.
Leave a Reply
You must be logged in to post a comment.
