File Mode Creation Mask

A change of the file mode creation mask on our server infrastructure
was requested to ease cross-user file and directory access automatically.

The default permission on Linux systems for newly created files is 777 and 666
for directories. Setting the user's file mode creation mask is accomplished by

umask <octal mask>

following the standard pattern user, group, other.

However, the user file mode creation mask M passed to umask is not applied directly.
Its bitwise negation is ANDed with the default permission mask D:

D & (~M)

Hence, all bits set in M will be disabled in the resulting file mode creation mask.

To check the currently set umask simply type

umask

without argument.

Example

umask 002 -> results in a file creation mask 775 and 664 for directories.
umask 022 -> results in a file creation mask 755 and 644 for directories.

Why Change the User File Mode Creation Mask?

New files created on our Linux servers, e.g. sdlx014, have file permissions 755
(or 644 for directories), as the standard umask is set to (0)022, and their group
ownership is the primary group of the user creating the file.

Our infrastructure usually sets the primary group to sd.
The primary group of a specific user can be queried via

id -g -n <username>

With a default umask of 022, users in group sd are allowed to read files and directories
of other group members but are not able to alter those files or create files in those directories.

This sometimes clashes with FESA builds and deployments among different users, so
changing the umask seems reasonable, in particular on sdlx014 and asl73x.

A user mask of 002, or better 007 (others can't read and alter files), solves this issue.
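
To compare the three masks discussed above (022, 002, 007), the following added example, which is not part of the original page, creates a file and a directory in a scratch directory under each mask and reports the modes the system actually assigns. The function names are hypothetical, and `stat -c` assumes GNU coreutils as found on RHEL.

```shell
#!/bin/sh
# Added example: measure the effect of a umask instead of computing it by hand.
# modes_under_umask and describe_umask are hypothetical helper names.

# Print "<file mode> <dir mode>" (octal) for objects created under umask $1.
modes_under_umask() {
    (
        scratch=$(mktemp -d) || exit 1   # private scratch directory
        umask "$1" || exit 1             # affects this subshell only
        : > "$scratch/f"                 # new regular file
        mkdir "$scratch/d"               # new directory
        out="$(stat -c %a "$scratch/f") $(stat -c %a "$scratch/d")"
        rm -rf "$scratch"
        echo "$out"
    )
}

# Summarise what the mask means for a shared primary group such as sd:
# can group members modify a new file, and can everyone else read it?
describe_umask() {
    modes=$(modes_under_umask "$1") || return 1
    fmode=${modes% *}
    dmode=${modes#* }
    group_write=no
    other_read=no
    # A leading 0 makes the shell read the mode as an octal constant.
    if [ $(( 0$fmode & 020 )) -ne 0 ]; then group_write=yes; fi
    if [ $(( 0$fmode & 004 )) -ne 0 ]; then other_read=yes; fi
    echo "umask=$1 file=$fmode dir=$dmode group_write=$group_write other_read=$other_read"
}

for mask in 022 002 007; do
    describe_umask "$mask"
done
```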

Setting umask globally

Globally setting umask depends on the distribution and requires administration
privileges on the particular machine. In our case, using RHELx, manually changing

/etc/bashrc

is required, otherwise the umask is overwritten with the default umask 022.

if [ $UID -gt 199 ] && [ "`id -gn`" = "`id -un`" ]; then
    umask 002
else
    umask 022
fi

On sdlx014 the line

umask 022

has been changed to

umask 002

This automatically sets umask to 002 on login.

Servers we don't have root access to

On machines administered by CSCO, we can't apply a custom global umask.
However, a user can specify an automatic umask on login in

~/.bashrc


by simply adding

umask 002