[NTLUG:Discuss] umask (was: Permissions)
Steve Baker
sjbaker1 at airmail.net
Fri Sep 3 19:47:27 CDT 1999
Hrothgar wrote:
>
> On Fri, 3 Sep 1999 Kyle_Davenport at compusa.com wrote:
>
> :</snip>
> :and set joe's umask:
> :umask 002
> :</snip>
> :
>
> could someone tell me what umask is? the bash man page doesn't tell me
> jack-squat. thanks
It determines what permissions you wish to deny when you create a file.
Hence if you did this:
% umask 777 ; touch t1
% umask 007 ; touch t2
% umask 077 touch t3
% ls -l t?
---------- 1 steve users 0 Sep 3 19:36 t1
-rw-rw---- 1 steve users 0 Sep 3 19:36 t2
-rw------- 1 steve users 0 Sep 3 19:36 t3
You can see that with a umask of 777, files come out with NO permissions
granted at all!
With 007, you prohibited the world from messing with your files.
With 077, you prohibited the world *and* members of your group from
accessing files that you create.
umask with no parameters displays your current umask.
At work, I usually set mine to:
umask 026
...which doesn't prevent any of my permissions from getting through, it
allows members of my group to read and execute my files - but not write
to them - and it allows anyone to execute programs/scripts I write.
At home, I use:
umask 0
...just because wide-open permissions work fine for me at home.
Your choices may well be different.
Typically, you'd only use umask in your login script - but you
could imagine other situations where it would matter.
Note that umask can only deny additional privilages - it can't
add them.
Hence, when I did:
umask 007 ; touch t2
...it didn't give the file execute-by-owner or execute-by-group
privilages
because 'touch' didn't want to grant them - even though a umask of 007
*allows* it to grant that permission.
--
Steve Baker http://web2.airmail.net/sjbaker1
sjbaker1 at airmail.net (home) http://www.woodsoup.org/~sbaker
sjbaker at hti.com (work)
More information about the Discuss
mailing list