ktb wrote:
>
> Andrew McRobert wrote:
> >
> > hi all
> >
> > When a user creates a new directory/file in their home directory, the setuid
> > bit is always set for group members, ie.
> >
> > drwxr-sr-x
> >
> > umask = 022, what do I need to set it to, for new files to = drwxr-xr-x ...
> > and is this ok security-wise ... the execute bit?
> >
> > thanks
> >
> > Andrew
>
> I'm not very good with numeric file modes. I usually use symbolic but I
> think the permissions you want would be 755.
> Assuming that is correct you subtract that number from 777 to get the
> umask number-- 777-755=22

Careful: the operation is a binary AND of the ones-complement of the umask.
A subtract might generate a borrow, which would interfere with adjacent bits
and have very unexpected results.

Look at 'man 2 umask', which describes the C function call, yet provides some
insight into how the umask actually works. Remember that this is a 9 bit octal
field (3 groups of 3 'rwx' bits).

    umask sets the umask to mask & 0777.

    The umask is used by open(2) to set initial file permissions on a
    newly-created file. Specifically, permissions in the umask are turned
    off from the mode argument to open(2) (so, for example, the common
    umask default value of 022 results in new files being created with
    permissions 0666 & ~022 = 0644 = rw-r--r-- in the usual case where
    the mode is specified as 0666).

ron
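
An added example, not part of either poster's message: it creates real files under several umasks through os.umask and os.open (Python's wrappers for umask(2) and open(2)) and compares the on-disk mode with the AND-of-complement rule and with the subtraction shortcut. The function names and the mode/umask pairs are constructed for illustration.

```python
import os
import tempfile

def effective_mode(requested: int, mask: int) -> int:
    """What open(2) applies: clear every bit that is set in the umask."""
    return requested & ~mask & 0o777

def subtracted_mode(requested: int, mask: int) -> int:
    """The subtraction shortcut, kept only to show where it goes wrong."""
    return (requested - mask) & 0o777

def created_mode(requested: int, mask: int) -> int:
    """Create a real file under `mask` and return its permission bits."""
    with tempfile.TemporaryDirectory() as scratch:  # made before umask changes
        old = os.umask(mask)  # umask(2) returns the previous mask
        try:
            path = os.path.join(scratch, "probe")
            fd = os.open(path, os.O_CREAT | os.O_EXCL | os.O_WRONLY, requested)
            os.close(fd)
        finally:
            os.umask(old)  # always restore the caller's umask
        return os.stat(path).st_mode & 0o777

# Constructed (requested mode, umask) pairs; the first is the man page's example.
CASES = [(0o666, 0o022), (0o666, 0o027), (0o666, 0o077), (0o644, 0o022)]

def compare(cases=CASES):
    """Return (requested, mask, on_disk, and_not, subtracted) for each case."""
    return [(r, m, created_mode(r, m), effective_mode(r, m), subtracted_mode(r, m))
            for r, m in cases]

if __name__ == "__main__":
    print("mode  umask  on-disk  AND-NOT  subtract")
    for r, m, disk, andnot, sub in compare():
        flag = "" if sub == andnot else "  <- differs from the real result"
        print(f"{r:04o}  {m:03o}    {disk:04o}     {andnot:04o}     {sub:04o}{flag}")
```

With umask 022 and mode 0666 both rules give 0644, but with umask 027 subtraction predicts 0637 (world-writable) while the file is actually created 0640.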