Set umask in linux

Chapter 25. Managing the umask

You can use the umask utility to display, set, or change the current or default value of the umask.

25.1. Displaying the current value of the umask

You can use the umask utility to display the current value of the umask in symbolic or octal mode.

    To display the current value of the umask in symbolic mode, use:

When displaying the umask in octal mode, you may notice it displayed as a four-digit number (0002 or 0022). The first digit of the umask represents a special bit (sticky bit, SGID bit, or SUID bit). If the first digit is set to 0, the special bit is not set.

25.2. Displaying the default bash umask

There are a number of shells you can use, such as bash, ksh, zsh and tcsh. Those shells can behave as login or non-login shells. You can invoke the login shell by opening a native or a GUI terminal.

To determine whether you are executing a command in a login or a non-login shell, use the echo $0 command.

Example 25.1. Determining if you are working in a login or a non-login bash shell

  • If the output of the echo $0 command returns bash, you are executing the command in a non-login shell.

    To display the default bash umask for the non-login shell, use:

    # By default, we want umask to get set. This sets it for non-login shell.
    umask 002
    umask 022

    # By default, we want umask to get set. This sets it for login shell
    umask 002
    umask 022

25.3. Setting the umask using symbolic values

You can use the umask utility with symbolic values (a combination of letters and signs) to set the umask for the current shell session.

You can assign the following permissions:

Permissions can be assigned to the following levels of ownership:

To add or remove permissions you can use the following signs:

  • + to add the permissions on top of the existing permissions
  • - to remove the permissions from the existing permissions
  • = to remove the existing permissions and explicitly define the new ones

    To set the umask for the current shell session, use:

Replace with the level of ownership you want to set the umask for. Replace with one of the signs. Replace with the permissions you want to assign. For example, to set the umask to u=rwx,g=rwx,o=rwx, use umask -S a=rwx. See User file-creation mode for more details.

25.4. Setting the umask using octal values

You can use the umask utility with octal values (numbers) to set the umask for the current shell session.

    To set the umask for the current shell session, use:

25.5. Changing the default umask for the non-login shell

You can change the default bash umask for standard users by modifying the /etc/bashrc file.

Prerequisites

  1. As root, open the /etc/bashrc file in the editor.
  2. Modify the following sections to set a new default bash umask:

    if [ $UID -gt 199 ] && [ "`id -gn`" = "`id -un`" ]; then
        umask 002
    else
        umask 022
    fi

25.6. Changing the default umask for the login shell

You can change the default bash umask for the root user by modifying the /etc/profile file.

Prerequisites

  1. As root, open the /etc/profile file in the editor.
  2. Modify the following sections to set a new default bash umask:

    if [ $UID -gt 199 ] && [ "`/usr/bin/id -gn`" = "`/usr/bin/id -un`" ]; then
        umask 002
    else
        umask 022
    fi

25.7. Changing the default umask for a specific user

You can change the default umask for a specific user by modifying the .bashrc for that user.

    Append the line that specifies the octal value of the umask into the .bashrc file for the particular user.

$ echo 'umask octal_value' >> /home/username/.bashrc

25.8. Setting default permissions for newly created home directories

You can change the permission modes for home directories of newly created users by modifying the /etc/login.defs file.

  1. As root, open the /etc/login.defs file in the editor.
  2. Modify the following section to set a new default HOME_MODE:

    # HOME_MODE is used by useradd(8) and newusers(8) to set the mode for new
    # home directories.
    # If HOME_MODE is not set, the value of UMASK is used to create the mode.
    HOME_MODE 0700

    # Default initial "umask" value used by login(1) on non-PAM enabled systems.
    # Default "umask" value for pam_umask(8) on PAM enabled systems.
    # UMASK is also used by useradd(8) and newusers(8) to set the mode for new
    # home directories if HOME_MODE is not set.
    # 022 is the default value, but 027, or even 077, could be considered
    # for increased privacy. There is no One True Answer here: each sysadmin
    # must make up their mind.
    UMASK 022
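An added check, not part of the original documentation, that works out the mode useradd(8) would give a new home directory from the two settings above and reports whether group or others get any access. The helper names and the sample file are constructed for illustration; 022 is assumed when UMASK is absent, following the file's own comment.

```shell
#!/bin/sh
# Added example: what mode will useradd(8) give a new home directory,
# going by the HOME_MODE / UMASK rules quoted from /etc/login.defs above?

# login_defs_value FILE KEY: last uncommented value of KEY (empty if unset)
login_defs_value() {
    awk -v key="$2" '$1 == key { val = $2 } END { print val }' "$1"
}

# effective_home_mode FILE: HOME_MODE if set, else 0777 minus the UMASK bits
effective_home_mode() {
    mode=$(login_defs_value "$1" HOME_MODE)
    mask=$(login_defs_value "$1" UMASK)
    case "$mode$mask" in
        *[!0-7]*) echo "non-octal value in $1" >&2; return 2 ;;
    esac
    if [ -n "$mode" ]; then
        printf '%04o\n' "$(( 0$mode ))"
    else
        # 022 is the default the file's own comment names for an unset UMASK
        printf '%04o\n' "$(( 0777 & ~0${mask:-022} ))"
    fi
}

# home_mode_is_private FILE: succeeds only if group and others get no access
home_mode_is_private() {
    mode=$(effective_home_mode "$1") || return 2
    [ "$(( $mode & 0077 ))" -eq 0 ]
}

# Constructed sample: the page's settings with HOME_MODE commented out,
# so the UMASK fallback decides.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# HOME_MODE is used by useradd(8) and newusers(8) to set the mode for new
# home directories.
#HOME_MODE 0700
UMASK 022
EOF
if home_mode_is_private "$sample"; then verdict=private; else verdict=exposed; fi
echo "new home directories: $(effective_home_mode "$sample") ($verdict)"
rm -f "$sample"
```

Point the two functions at a copy of /etc/login.defs to check a real host; the script only reads the file.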


NAME

umask - get or set the file mode creation mask

SYNOPSIS

umask [-S][mask] 

DESCRIPTION

The umask utility shall set the file mode creation mask of the current shell execution environment (see Shell Execution Environment) to the value specified by the mask operand. This mask shall affect the initial value of the file permission bits of subsequently created files. If umask is called in a subshell or separate utility execution environment, such as one of the following:

    (umask 002)
    nohup umask .
    find . -exec umask . \;

it shall not affect the file mode creation mask of the caller's environment.

If the mask operand is not specified, the umask utility shall write to standard output the value of the invoking process' file mode creation mask.

OPTIONS

The umask utility shall conform to the Base Definitions volume of IEEE Std 1003.1-2001, Section 12.2, Utility Syntax Guidelines.

The following option shall be supported:

-S
    Produce symbolic output.

The default output style is unspecified, but shall be recognized on a subsequent invocation of umask on the same system as a mask operand to restore the previous file mode creation mask.

OPERANDS

The following operand shall be supported:

mask
    A string specifying the new file mode creation mask. The string is treated in the same way as the mode operand described in the EXTENDED DESCRIPTION section for chmod.

    For a symbolic_mode value, the new value of the file mode creation mask shall be the logical complement of the file permission bits portion of the file mode specified by the symbolic_mode string.

    In a symbolic_mode value, the permissions op characters '+' and '-' shall be interpreted relative to the current file mode creation mask; '+' shall cause the bits for the indicated permissions to be cleared in the mask; '-' shall cause the bits for the indicated permissions to be set in the mask.

    The interpretation of mode values that specify file mode bits other than the file permission bits is unspecified.

    In the octal integer form of mode, the specified bits are set in the file mode creation mask.

    The file mode creation mask shall be set to the resulting numeric value.

    The default output of a prior invocation of umask on the same system with no operand also shall be recognized as a mask operand.

STDIN

INPUT FILES

ENVIRONMENT VARIABLES

The following environment variables shall affect the execution of umask:

LANG
    Provide a default value for the internationalization variables that are unset or null. (See the Base Definitions volume of IEEE Std 1003.1-2001, Section 8.2, Internationalization Variables for the precedence of internationalization variables used to determine the values of locale categories.)

LC_ALL
    If set to a non-empty string value, override the values of all the other internationalization variables.

LC_CTYPE
    Determine the locale for the interpretation of sequences of bytes of text data as characters (for example, single-byte as opposed to multi-byte characters in arguments).

LC_MESSAGES
    Determine the locale that should be used to affect the format and contents of diagnostic messages written to standard error.

NLSPATH
    Determine the location of message catalogs for the processing of LC_MESSAGES.

ASYNCHRONOUS EVENTS

STDOUT

When the mask operand is not specified, the umask utility shall write a message to standard output that can later be used as a umask mask operand.

If -S is specified, the message shall be in the following format:

    "u=%s,g=%s,o=%s\n", <owner permissions>, <group permissions>, <other permissions>

where the three values shall be combinations of letters from the set {r, w, x}; the presence of a letter shall indicate that the corresponding bit is clear in the file mode creation mask.

If a mask operand is specified, there shall be no output written to standard output.

STDERR

The standard error shall be used only for diagnostic messages.

OUTPUT FILES

EXTENDED DESCRIPTION

EXIT STATUS

The following exit values shall be returned:

 0
    The file mode creation mask was successfully changed, or no mask operand was supplied.
>0
    An error occurred.

CONSEQUENCES OF ERRORS

Default.

The following sections are informative.

APPLICATION USAGE

Since umask affects the current shell execution environment, it is generally provided as a shell regular built-in. In contrast to the negative permission logic provided by the file mode creation mask and the octal number form of the mask argument, the symbolic form of the mask argument specifies those permissions that are left alone.

EXAMPLES

Either of the commands:

    umask a=rx,ug+w
    umask 002

sets the mode mask so that subsequently created files have their S_IWOTH bit cleared.

After setting the mode mask with either of the above commands, the umask command can be used to write out the current value of the mode mask:

    $ umask
    0002

(The output format is unspecified, but historical implementations use the octal integer mode format.)

    $ umask -S
    u=rwx,g=rwx,o=rx

Either of these outputs can be used as the mask operand to a subsequent invocation of the umask utility.

Assuming the mode mask is set as above, the command:

    umask g-w

sets the mode mask so that subsequently created files have their S_IWGRP and S_IWOTH bits cleared.

The command:

    umask -- -w

sets the mode mask so that subsequently created files have all their write bits cleared. Note that mask operands -r, -w, -x or anything beginning with a hyphen, must be preceded by "--" to keep it from being interpreted as an option.
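The effect of these masks on real files, as an added example that is not part of the POSIX text: the hypothetical helper modes_under_umask applies one or more mask operands inside a subshell, so the caller's mask stays untouched, and reports the modes a new file and a new directory receive. It assumes GNU stat (stat -c), as found on Linux.

```shell
#!/bin/sh
# Added example: show the modes that new files and directories receive
# under a given umask, without changing the caller's own mask.

# modes_under_umask MASK...
# Applies each MASK operand in order inside a subshell, creates one file and
# one directory, and prints "<file mode> <dir mode>" in octal.
modes_under_umask() {
    (
        # scratch directory is created before the mask changes (mktemp uses 0700)
        scratch=$(mktemp -d) || exit 1
        trap 'rm -rf "$scratch"' EXIT
        for mask in "$@"; do
            # "--" keeps operands that begin with a hyphen from being read as options
            umask -- "$mask" || exit 1
        done
        : > "$scratch/file"      # requested as 0666, reduced by the mask
        mkdir "$scratch/dir"     # requested as 0777, reduced by the mask
        # stat -c is the GNU coreutils form (assumption stated in the lead-in)
        echo "$(stat -c %a "$scratch/file") $(stat -c %a "$scratch/dir")"
    )
}

# Compare the default-style masks with the stricter ones.
for m in 002 022 027 077; do
    echo "umask $m -> file/dir modes: $(modes_under_umask "$m")"
done

# Symbolic operands are applied relative to the mask set before them.
echo "umask 002, then g-w -> $(modes_under_umask 002 g-w)"
```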

RATIONALE

Since umask affects the current shell execution environment, it is generally provided as a shell regular built-in. If it is called in a subshell or separate utility execution environment, such as one of the following:

    (umask 002)
    nohup umask .
    find . -exec umask . \;

it does not affect the file mode creation mask of the environment of the caller.

The description of the historical utility was modified to allow it to use the symbolic modes of chmod. The -s option used in early proposals was changed to -S because -s could be confused with a symbolic_mode form of mask referring to the S_ISUID and S_ISGID bits.

The default output style is implementation-defined to permit implementors to provide migration to the new symbolic style at the time most appropriate to their users. A -o flag to force octal mode output was omitted because the octal mode may not be sufficient to specify all of the information that may be present in the file mode creation mask when more secure file access permission checks are implemented.

It has been suggested that trusted systems developers might appreciate ameliorating the requirement that the mode mask "affects" the file access permissions, since it seems access control lists might replace the mode mask to some degree. The wording has been changed to say that it affects the file permission bits, and it leaves the details of the behavior of how they affect the file access permissions to the description in the System Interfaces volume of IEEE Std 1003.1-2001.

FUTURE DIRECTIONS

SEE ALSO

Shell Command Language, chmod, the System Interfaces volume of IEEE Std 1003.1-2001, umask()
