
Re: Sticky permissions.



On Tue, Oct 23, 2001, Daniel Feiglin wrote about "Re: Sticky permissions.":
>...
> (Subdirectories are always created by mkdir as rwx owner and rx for everyone
> else. The x grants "way through" access for stuff further down the tree.)
> 
> Ref: Stevens, APUE, p 78.

I didn't look at the reference, but this last piece of trivia is not
generally correct (it is correct only when your umask is set to 022).

Actually what happens is that mkdir(1) calls the mkdir(2) system call to
create a new directory, with mode 0777 (rwx for owner, group and others).
mkdir(2) removes the "umask" value of the current process (umasks are
specific to processes, not to the current directory for example) from this
mode. So, if your umask is 022 (and I agree that this is a generally
useful umask in many setups), indeed you get the modes you described.
But as other people explained, you can also set your umask differently,
e.g., if it is 02, mkdir(1) will create directories with mode 775 (rwx
for owner and group, rx for others).

See the mkdir(2) and umask(2) manuals for more details. The umask value
also affects other system calls like open(2), creat(2), and mknod(2).
It's a very useful security feature when you think about it, but it has
its limits. In particular, as I and other people have already mentioned,
the umask value is a property of the current process (it is inherited
by child processes), and not of a directory in which the files are to be
created. Moreover, umask is a simple security feature, designed only to
remove permission bits when creating files: it cannot add more permissions
than the creator wants, and it doesn't prevent the user from later chmod'ing
the file to different permissions.


-- 
Nadav Har'El                        |   Wednesday, Oct 24 2001, 7 Heshvan 5762
nyh@math.technion.ac.il             |-----------------------------------------
Phone: +972-53-245868, ICQ 13349191 |I don't suffer from insanity, I enjoy
http://nadav.harel.org.il           |every minute of it.
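
Added example, not part of the original message: a small C program that calls mkdir(2) under several umask values and reads back the resulting permission bits, and that also shows chmod(2) is not restricted by the umask. The helper name `mkdir_mode` and the scratch directory under `$TMPDIR` (or `/tmp`) are assumptions made for this illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: create a directory with mode `requested` while the
 * process umask is `mask`, and return the permission bits it actually got
 * ((mode_t)-1 on error). If `then_chmod` is nonzero, chmod(2) the directory
 * to `requested` afterwards, under the same umask, and report that instead. */
static mode_t mkdir_mode(mode_t mask, mode_t requested, int then_chmod)
{
    const char *tmp = getenv("TMPDIR");          /* scratch location (assumption) */
    char dir[512];
    struct stat st;
    mode_t result = (mode_t)-1;

    snprintf(dir, sizeof dir, "%s/umask-demo-%ld", tmp ? tmp : "/tmp", (long)getpid());

    mode_t saved = umask(mask);                  /* per process, not per directory */
    if (mkdir(dir, requested) == 0) {            /* kernel stores requested & ~mask */
        if ((!then_chmod || chmod(dir, requested) == 0) && stat(dir, &st) == 0)
            result = st.st_mode & 0777;          /* ignore setgid/sticky bits */
        rmdir(dir);
    }
    umask(saved);                                /* restore the caller's umask */
    return result;
}

int main(void)
{
    /* mkdir(1) asks for 0777; the umask decides what is left. */
    printf("umask 022, mkdir 0777: %03o\n", (unsigned)mkdir_mode(022, 0777, 0));
    printf("umask 002, mkdir 0777: %03o\n", (unsigned)mkdir_mode(002, 0777, 0));
    printf("umask 077, mkdir 0777: %03o\n", (unsigned)mkdir_mode(077, 0777, 0));
    /* The umask only removes bits: it never adds to what the creator asked for. */
    printf("umask 022, mkdir 0700: %03o\n", (unsigned)mkdir_mode(022, 0700, 0));
    /* A later chmod(2) is not filtered by the umask. */
    printf("umask 077, then chmod 0777: %03o\n", (unsigned)mkdir_mode(077, 0777, 1));
    return 0;
}
```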
