Network Security Series 14: Setting umask Values in Linux

Source: Internet
Author: User

The umask value sets a user's default permissions for newly created files: whenever we create a directory or file on the system, its default permissions are determined by the umask value.

For the root user, the default umask value is 0022; for a normal user, the system default umask value is 0002. Run the umask command to view the current user's umask value.

# umask

0022

The umask value consists of 4 digits. The 1st digit defines special permissions, which we generally do not consider; ordinary permissions are governed by the last 3 digits.

By default, the maximum permissions a user can have on a directory are 777, and the maximum permissions on a file are the directory maximum with the execute permission removed, that is, 666. A directory needs the x (execute) permission, because without it you cannot enter the directory, whereas a file does not need to be given the x permission by default.

For the root user, the umask value is 022. When root creates a directory, the default permissions are the maximum permissions 777 with the permissions at the positions named by the umask removed: nothing is removed for the owner, the w permission is removed for the owning group, and the w permission is removed for other users, so the default permissions for the directory are 755. When root creates a file, the default permissions are the maximum permissions 666 with the umask positions removed, so the default permissions for the file are 644.

The following test makes the umask value easier to understand.

# mkdir directory1 # create a test directory

# ll -d directory1 # the directory's default permissions are 755

drwxr-xr-x. 2 root root 4096 December 2 13:08 directory1

# touch file1 # create a test file

# ll file1 # the file's default permissions are 644

-rw-r--r--. 1 root root 0 December 2 13:09 file1

The umask command can also change the umask value, for example setting it to 0077.

# umask 0077

# umask

0077

Directories created from now on have default permissions of 700, and files have default permissions of 600:

# mkdir directory2

# ll -d directory2

drwx------. 2 root root 4096 December 2 13:14 directory2

# touch file2

# ll file2

-rw-------. 1 root root 0 December 2 13:14 file2

Consider: if the umask value is set to 0003, what are the default permissions of a newly created directory or file?

The correct result is: the default permission for a directory is 774, and the default permission for a file is 664. When calculating default permissions, do not simply subtract the umask value from the maximum permissions; instead, remove the permissions at the positions set in the umask value to get the correct result.
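The rule above, written as a bitwise operation and checked against what the kernel actually does. This is an added example, not part of the original article; the function names are illustrative and observed_mode assumes a stat that supports -c '%a' (GNU coreutils or BusyBox).

```shell
#!/bin/sh
# Added example: default permissions are the maximum mode with the umask
# bits cleared (max AND NOT umask), which is not the same as subtraction.

# default_mode MAX UMASK -> resulting mode in octal, e.g. "664"
default_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# naive_subtract MAX UMASK -> what plain octal subtraction would give
# (shown only to contrast with default_mode; it is wrong for odd bits).
naive_subtract() {
    printf '%03o\n' $(( 0$1 - 0$2 ))
}

# observed_mode UMASK file|dir -> mode the system really assigns.
# Runs in a subshell so the caller's umask is left untouched.
observed_mode() {
    (
        tmp=$(mktemp -d) || exit 1
        umask "$1"
        if [ "$2" = dir ]; then
            mkdir "$tmp/t"          # mkdir requests 777 before the umask
        else
            : > "$tmp/t"            # the shell requests 666 before the umask
        fi
        stat -c '%a' "$tmp/t"       # assumption: GNU/BusyBox stat
        rm -rf "$tmp"
    )
}

# The umask values used in this article.
for m in 0022 0077 0003 027; do
    printf 'umask %-4s dir=%s file=%s (subtraction would give file=%s)\n' \
        "$m" "$(default_mode 777 "$m")" "$(default_mode 666 "$m")" \
        "$(naive_subtract 666 "$m")"
done
```

For umask 0003, subtraction gives 663 for a file, while clearing the bits gives 664, because a file never had the x bit that the umask tries to remove.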

The umask command changes the umask value only temporarily; the umask reverts to its default value after the system restarts. To change the umask value permanently, edit the /etc/profile file or the /etc/bashrc file. For example, to set the default umask value to 027, add the line "umask 027" to the file.

Both /etc/profile and /etc/bashrc can be used to make the system perform certain actions automatically when a user logs on. The difference is that /etc/profile is executed only when the user logs on for the first time, while /etc/bashrc is executed every time the user logs on and the bash shell is loaded.

Therefore, a change to the /etc/profile file takes effect only for newly created users, while a change to the /etc/bashrc file is valid for all users.

This article is from the "a pot of turbid wine" blog; please contact the author before reproducing it.
