Permissions and Umasks
On *nix-like systems, traditionally every file has an owner, an assigned group, and a list of permissions (although POSIX Access Control Lists are getting more popular).
You can change the owner of a file with the "chown" command:
fred@linux:~> chown someUser foo
You can change the group of a file with the "chgrp" command:
fred@linux:~> chgrp someGroup foo
Alternatively, you can do both at once:
chown someUser.someGroup foo
chown someUser:someGroup foo
For every file, you can set the following for the User, Group, and Others: r - can read w - can write x - can execute
These are set with the "chmod" command:
chmod u=rwx,g=rx,o=r foo
ls -l foo
- -rwxr-xr-- 1 fred users 0 2004-10-26 11:38 foo
You don't need to set all the permissions - you can just modify them, for example, to make a file executable:
chmod +x foo
You can also change the permissions just for either the User, Group, or Others:
chmod o-x foo
You can also specify permissions with a number. To find out which numbers, add up the numbers from this table:
r w x 4 2 1
For example, rwxr-xr-- would be:
U G O 4 4 4 +2 +0 +0 +1 +1 +0 =7 =5 =4
So to give a file rwxr-xr-- permissions:
chmod 754 foo
umasks define which permissions can not be set (in octal). For example, the default umask on slackware is 0022:
Ignoring the first digit, this means that the owner can do anything, but group and others are unable to write (2 == w). A more secure umask (possibly more suitable for your ~/) is 0077, meaning that group and others have no access to your files.
The following is based on Sandman1's Umask tutorial.
Well first this is a pretty boring topic to write about, So im going to get right to the point. When you set a umask you set what permission NOT to set. So when you create a file it uses the umask to set the file permissions. All of this might not make sense now but it will later. Now type:
Now on slackware you will get "0022", First ignore the first 0. Now we have 022. The first 0 makes sure the owner has ALL the permissions of a file. You can tell that becuase you have no permissions you want to turn off. Now the next two numbers you have a 2 for. The 2 indicates that you NEVER want to set write permissions.
Now that method above of trying to find a umask is a bit confusing. All you do is set the number what you DON'T want the user to have. Now there is an easier way of finding out a umask. You can subtract the permission from 777. Example:
777 - 750 = 027
That is the umask of the 750 permission. Now you may be asking yourself what is this usefull for. Well you can set the umask by typing "umask 027" in bash and when you create a file/directory it goes by umask 027 instead of the 0022.
Now another reason for setting a umask is becuase you want to access a filesystem such as NTFS,VFAT,Samba,etc as a regular user. You can set the umask and allow regular users to write to the filesytem. It is really easy, in the fstab all you add is "umask=027" and remount the filesystem. See Windows_Partitions for more information (and a potentially better option than setting umask options).