A change of the file mode creation mask on our server infrastructure
was requested to ease cross-user file and directory access automatically.
The default permission on Linux systems for newly created files is 777 and 666
for directories. Setting the user's file mode creation mask is accomplished by
umask <octal mask>
following the standard pattern user group other.
However, the user file mode creation mask M passed to umask acts on
the default permission mask D via bitwise negation:
D & (~M)
Hence, all bits set in M will be disabled in the resulting file mode creation mask.
To check the currently set umask simply type
umask
without argument.
umask 002 –> results in a file creation mask 775 and 664 for directories.
umask 022 –> results in a file creation mask 755 and 644 for directories.
New files created on our Linux servers, e.g. sdlx014, have file permissions 755,
(or 644 for directories) as the standard umask is set to (0)022 and a group ownership
according to the primary group of the user creating the file.
Our infrastructure usually sets the primary group to sd.
The primary group of a specific user can be queried via
id -g -n <username>
With a default umask of 022 users in group sd are allowed to read files and directories
of other group members but are not able to alter files or create files in directories.
This sometimes clashes with FESA builds and deployments among different users, thus,
changing the umask seems reasonable, in particular on sdlx014 and asl73x.
A user mask of 002, or better 007 (others can't read and alter files), solves this issue.
Globally setting umask is dependent on the distribution and requires adminstration
privileges on the particular machine. In our case, using RHELx manually changing
/etc/bashrc
is required, otherwise the umask is overwritten with the default umask 022.
if [ $UID -gt 199 ] && [ "`id -gn`" = "`id -un`" ]; then umask 002 else umask 022 fi
On sdlx014 the line
umask 022
has been changed to
umask 002
This automatically sets umask to 002 on login.
On machines adminstrated by CSCO, we can't apply a custom global umask.
However, a user can specify an automatic umask on login in
~/.bashrc
by simply adding
umask 002