06-03-2005
Set GID Bit on Directories
We briefly mentioned that files have a user and group associated with them. Originally, it was just the user and group of whoever created them. But originally, a user could be in only one group at a time. BSD introduced the concept that a user could be in multiple groups simutaneously. So in BSD, which group was used? BSD decided to use the group of the directory that contained the newly created file.
Many modern versions of unix try to have it both ways. A newly created file gets the group of the user unless the directory has the setgid bit. In that case, the newly created file gets the group of the directory.
And there is an exception to that! Changing the owner or group of a file has security concerns. For that reason, some versions of unix will, optionally, prohibit a user other than root from changing the owner of a file. Additionally, a user is prohibited from changing the group of a file unless he is a member of the new group. This restriction will override the setgid bit on a directory if needed.
These 3 Users Gave Thanks to Perderabo For This Post:
8 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
I am currently running jsp pages on unix server. At the top of my page is the import statement: <%@ page import="survey.*"%>. This imports the survey folder which i have placed in the same directory as my jsp page- jsp-servlet.
However, when i try to run the page, its gives me an error saying that... (2 Replies)
Discussion started by: moukoko
2 Replies
2. UNIX for Advanced & Expert Users
Hello,
What does the following mean in terms of file permissions.
-rw-rwSrw- 1 owner group 999 May 25 2004 file_name
What does the "S" stand for.
Thanks in advance for your input. :) (3 Replies)
Discussion started by: jerardfjay
3 Replies
3. Solaris
Is anyone aware of a tool that would produce a report or an extract file of all users, the files thry are allowed to access and their associated rights permitted (Read,Write etc.) (0 Replies)
Discussion started by: mobershaw
0 Replies
4. UNIX for Dummies Questions & Answers
Okay,
this may turn out to be something quite simple, but I haven't found the answer so far:
1) Is it possible to retrieve a list of user(ID) file permissions?
and then...
2) What is the most efficient way to create an alert/error message when/if those file permissions are denied? ... (2 Replies)
Discussion started by: hades1013
2 Replies
5. Shell Programming and Scripting
I want to change one of my Dir permissions to drwx--S--- Can you tell me which number i have to use.
Thanks in Advance (4 Replies)
Discussion started by: veeru
4 Replies
6. UNIX for Dummies Questions & Answers
We have a user group ‘norkgrp’ which is having 2 users ‘norkadm’ and ‘oracle’.
Further we have a directory ‘fstf_blobs’ where ‘norkadm’ is the owner and ‘norkgrp’ is the group owner. The permission is set as 770.
$ ls -lrt
drwxrwx--- 2 norkadm norkgrp 1024 Jun 24 05:03 fstf_blobs
We... (5 Replies)
Discussion started by: varunrbs
5 Replies
7. Solaris
I want to periodically check if ASCII password/config files on Unix have 400 or 600 access. Folders and files are owned by designated group and user. Folders and Files do not have world write access.
Are there any tools/scripts available for this kind of auditing that I can use on Solaris? (7 Replies)
Discussion started by: kchinnam
7 Replies
8. Shell Programming and Scripting
Hi, I am creating a ksh script to search for a string of text inside files within a directory tree. Some of these file are going to be read/execute only. I know to use chmod to change the permissions of the file, but I want to preserve the original permissions after writing to the file. How can I... (3 Replies)
Discussion started by: right_coaster
3 Replies
UMASK(2) Linux Programmer's Manual UMASK(2)
NAME
umask - set file mode creation mask
SYNOPSIS
#include <sys/types.h>
#include <sys/stat.h>
mode_t umask(mode_t mask);
DESCRIPTION
umask() sets the calling process's file mode creation mask (umask) to mask & 0777 (i.e., only the file permission bits of mask are used),
and returns the previous value of the mask.
The umask is used by open(2), mkdir(2), and other system calls that create files to modify the permissions placed on newly created files or
directories. Specifically, permissions in the umask are turned off from the mode argument to open(2) and mkdir(2).
The constants that should be used to specify mask are described under stat(2).
The typical default value for the process umask is S_IWGRP | S_IWOTH (octal 022). In the usual case where the mode argument to open(2) is
specified as:
S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH
(octal 0666) when creating a new file, the permissions on the resulting file will be:
S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH
(because 0666 & ~022 = 0644; i.e., rw-r--r--).
RETURN VALUE
This system call always succeeds and the previous value of the mask is returned.
CONFORMING TO
SVr4, 4.3BSD, POSIX.1-2001.
NOTES
A child process created via fork(2) inherits its parent's umask. The umask is left unchanged by execve(2).
The umask setting also affects the permissions assigned to POSIX IPC objects (mq_open(3), sem_open(3), shm_open(3)), FIFOs (mkfifo(3)), and
Unix domain sockets (unix(7)) created by the process. The umask does not affect the permissions assigned to System V IPC objects created
by the process (using msgget(2), semget(2), shmget(2)).
SEE ALSO
chmod(2), mkdir(2), open(2), stat(2)
COLOPHON
This page is part of release 3.27 of the Linux man-pages project. A description of the project, and information about reporting bugs, can
be found at http://www.kernel.org/doc/man-pages/.
Linux 2008-01-09 UMASK(2)