I was a Unix admin for 30 years. It was a fun job. I really enjoyed being able to set up sturdy systems and fix them when necessary. Even better, it didn’t require me to be a people person.
I love these posts.
The umask masks permissions by restricting them by a certain value.
And, people wonder why others are confused by Linux....
Ah, a flashback to my days working on Solaris Unix systems for a defense contractor. The group settings and permissions were the most critical for us.
BFRL. Thanks for all you’re doing to promote Linux and educate those interested in learning the commands.
I only have one thing to say about Unix...I don’t get it.
I started coding on a Commodore 128, in BASIC...just for fun. I got pretty good at it.
Then came DOS, and I could get around ok with that, even write some simple apps.
Next came Windows; I played around with Visual Basic, and did pretty good.
Lotus Notes came along, and I became an award winning (from Lotus), and published Lotus Notes developer.
When Notes fizzled, I tried Unix...as they said it was the “up and coming thing”.
I picked up a couple of things, like “grep”, but never really got the thrill of Unix; it was a big step backwards for me, like learning a different kind of DOS.
So, to this day, I still shy away from anything Unix, or Lenox, or whatever.
I’m 73 now and don’t want to strain what’s left of my brain on learning another coding language.
Sorry.
Unix was designed by counter-culture anti-establishment Berkeley hippies in the late 60’s.
It should come as no surprise that those “programmers” would set up default permissions value as 666, and have commands that kill parent and child processes.
Not to be picky but if you're going to leave links in the post, you should change them from relative to absolute.
How do these Linux threads relate to a free republic?
Did reddit kick you off there?
"if our umask value is 022, then any new files will, by default, have the permissions 644 (666 - 022). Likewise, any new directories will, by default, be created with the permissions 755 (777 - 022)."
It is that third position that is important in this. The first octet refers to the Owner of the file, the second to the Group Owner, and the third to all Other users on the system. So, if you have a file with these permissions:
-rw-rw-r--
This means that the Owner can read and write to the file, any Group member can read and write to it, and all Other users on the system can read it.
Sometimes that's not really a problem from a security perspective, but I'd say that it is a bad habit to allow Other users to have access to any of your files by default. A better umask for this purpose would be 027, so by default if you create a file it will have permissions of 640 (-rw-r-----), and directories will have 750 (drwxr-x---).
Let's see what that looks like....
    $ umask 0022
    $ touch aaa
    $ mkdir aaaa
    $ ls -l
    -rw-r--r-- 1 amp amp 0 Feb 27 09:05 aaa
    drwxr-xr-x 2 amp amp 4096 Feb 27 09:06 aaaa
    $ umask 0026
    $ touch bbb
    $ mkdir bbbb
    $ ls -l
    -rw-r--r-- 1 amp amp 0 Feb 27 09:05 aaa
    drwxr-xr-x 2 amp amp 4096 Feb 27 09:06 aaaa
    -rw-r----- 1 amp amp 0 Feb 27 09:22 bbb
    drwxr-x--x 2 amp amp 4096 Feb 27 09:22 bbbb
    $ umask 0027
    $ touch ccc
    $ mkdir cccc
    $ ls -l
    -rw-r--r-- 1 amp amp 0 Feb 27 09:05 aaa
    drwxr-xr-x 2 amp amp 4096 Feb 27 09:06 aaaa
    -rw-r----- 1 amp amp 0 Feb 27 09:22 bbb
    drwxr-x--x 2 amp amp 4096 Feb 27 09:22 bbbb
    -rw-r----- 1 amp amp 0 Feb 27 09:22 ccc
    drwxr-x--- 2 amp amp 4096 Feb 27 09:22 cccc
Most would agree that it's better to have Other users have no access to their files by default. The downside is that if you're on a multiuser system and you do want to share files, you have to sometimes jump through extra hoops to do so. If you want others to have access to a specific file, you can always use chmod to change the file to less restricted settings....
    $ chmod 644 ccc
    $ ls -l ccc
    -rw-r--r-- 1 amp amp 0 Feb 27 09:22 ccc
    $
Some programs check the permissions of its files/directories. For instance the 'ssh' command will fail if your ~/.ssh directory is NOT set to 700 permissions. This makes sense as your encryption keys most emphatically should NOT be available to other users.
You can actually set even finer permissions if you want to on most modern Linux distros. For the advanced and stout of heart, look at the 'lsattr' command. It will allow you to lock a file down so much that not even the root user can delete/modify it.
For instance, for my own reasons, I really do not want any program on my computer to mess with my DNS resolvers. If you look at my /etc/resolv.conf file, you'll see this...
    $ ls -l /etc/resolv.conf
    -rw-r--r-- 1 root root 118 Jun 6 2018 /etc/resolv.conf
    $ lsattr /etc/resolv.conf
    ----i--------e-- /etc/resolv.conf
    $ sudo rm /etc/resolv.conf
    [sudo] password for zeugma:
    rm: cannot remove ‘/etc/resolv.conf’: Operation not permitted
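An added example, not part of the post above: the umask session from that post reproduced as a script. It computes the resulting mode as the requested bits with the umask bits cleared, then creates a real file and directory under each umask and reads back what `ls -l` shows. The function names, the scratch directory and the extra umask values 033 and 077 are assumptions chosen for illustration; 033 is included because clearing bits (644) and digit-wise subtraction (633) give different answers there.

```shell
#!/bin/sh
# Added example: umask clears permission bits (requested & ~umask).

# predicted_mode REQUESTED UMASK -> resulting octal mode, e.g. 666 027 -> 640
predicted_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# created_modes UMASK -> "<file mode> <dir mode>" as ls -l shows them,
# measured by creating both in a throwaway directory under that umask.
# The body runs in a subshell, so the caller's umask is left untouched.
created_modes() (
    scratch=$(mktemp -d) || exit 1
    umask "$1"
    touch "$scratch/f"      # touch asks for 666 on a new file
    mkdir "$scratch/d"      # mkdir asks for 777 on a new directory
    f=$(ls -ld "$scratch/f" | cut -c1-10)   # keep only the mode string
    d=$(ls -ld "$scratch/d" | cut -c1-10)
    rm -rf "$scratch"
    printf '%s %s\n' "$f" "$d"
)

# Constructed sample values: 022, 026 and 027 come from the session above,
# 033 and 077 are added here.
for m in 022 026 027 033 077; do
    printf 'umask %s: file %s dir %s  observed: %s\n' "$m" \
        "$(predicted_mode 666 "$m")" "$(predicted_mode 777 "$m")" \
        "$(created_modes "$m")"
done
```
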
More recently, there is an interesting extra code, which I occasionally know how to set and unset. When used, you end up with an extra “+” on the permissions, like:
-rw-r--r--+