umask 137 ??
Greg Hunt
hunt at dg-rtp.rtp.dg.com
Sun Dec 16 06:04:51 AEST 1990
In article <iNB6T1w163w at wvus.wciu.edu>, pete at wvus.wciu.edu (Pete Gregory) writes:
> What are the security implications of a umask (not the system default, but
> in all users' .profile/.login files) value of 137???
>
> Ignorant minds (including this one) want to know...
The umask setting indicates what privilege bits to turn OFF when the
user creates a file. So, a umask of 137 means:
1 remove user execute permission
3 remove group write and execute permissions
7 remove other read, write, and execute permissions
The 1 is probably not needed since normal files are usually created
without execute permission. Directories and executable binaries are
usually created with execute permission, and turning it off this way
will mean that users will not be able to cd into directories they
create, nor be able to execute binaries they create. That's probably
not what's intended, so I'd suggest removing the 1, changing the
umask to 037.
The 3 means that other people in the same group will be able to read
the file, but not write to it, nor execute it. That's fine.
The 7 means that people other than the owner or people in the same
group will not be able to access the file in any way. That's also
fine.
I'd suggest reading the man page on chmod for more details about the
permission bits, and reading the man page on umask for more details
about how the mask is used.
Remember that the umask is only used when the file is initially
created. The file's permission bits can later be changed with
chmod.
Enjoy!
--
Greg Hunt Internet: hunt at dg-rtp.rtp.dg.com
DG/UX Kernel Development UUCP: {world}!mcnc!rti!dg-rtp!hunt
Data General Corporation
Research Triangle Park, NC, USA These opinions are mine, not DG's.
More information about the Comp.unix.admin
mailing list