====== File Mode Creation Mask ======

A change of the file mode creation mask on our server infrastructure \\
was requested to ease cross-user file and directory access automatically.

The default permission on Linux systems for newly created files is 777 and 666 \\
for directories. Setting the user's file mode creation mask is accomplished by
<code>umask <octal mask></code>
following the standard pattern //user group other//.

However, the user file mode creation mask **M** passed to umask acts on \\
the default permission mask **D** via //bitwise negation//:

<code>D & (~M)</code>

Hence, all bits set in **M** will be //disabled// in the resulting file mode creation mask.

To check the currently set umask simply type
<code>umask</code> without argument.

==== Example ====

umask **002** --> results in a file creation mask **775** and **664** for directories.\\
umask **022** --> results in a file creation mask **755** and **644** for directories.

===== Why Changing the User File Mode Creation Mask? =====

New files created on our Linux servers, e.g. sdlx014, have file permissions 755,\\
(or 644 for directories) as the standard umask is set to (0)022 and a group ownership\\
according to the //primary group// of the user creating the file.

Our infrastructure usually sets the primary group to **sd**.\\
The primary group of a specific user can be queried via 

<code>id -g -n <username></code>

With a default umask of 022 users in group sd are allowed to read files and directories\\
of other group members but are not able to alter files or create files in directories.\\

This sometimes clashes with FESA builds and deployments among different users, thus,\\
changing the umask seems reasonable, in particular on //sdlx014// and //asl73x//.\\

A user mask of 002, or better 007 (//others// can't read and alter files), solves this issue.

===== Setting umask globally ======

Globally setting umask is dependent on the distribution and requires adminstration\\
privileges on the particular machine. In our case, using RHELx manually changing

<code>/etc/bashrc</code>

is required, otherwise the umask is overwritten with the default umask 022.

<code>
if [ $UID -gt 199 ] && [ "`id -gn`" = "`id -un`" ]; then
    umask 002
else
    umask 022
fi
</code>

On sdlx014 the line
<code>umask 022</code>
has been changed to
<code>umask 002</code>

This automatically sets umask to 002 on login.

===== Servers we don't have root access to ======

On machines adminstrated by CSCO, we can't apply a custom global umask.\\
However, a user can specify an automatic umask on login in <code>~/.bashrc</code>\\
by simply adding
<code>
umask 002
</code>