HP-UX

Hi everybody,

following is the scenario;

OS HP UX 11.23

two users:
# id bodi
uid=109(bodi) gid=20(users) groups=1(other),2(bin),3(sys),106(oinstall)
# id ossmed
uid=121(ossmed) gid=20(users)

umask
077
directory name /home/mydir
directory permissions drwxrwxrwx

requirement: to have read,execute permissions to group users on all the new created/creating files in this dir.

files are created by a encrypted tool from "bodi" user into this directory with read,write permissions to owner only.

what i tried:

Changed the umask in .profile to 027 of "bodi" user. but dos'nt help because the tool that creates the files don't use the .profile of user.

can't change the default umask in /etc/default/security to other the 077

tried to put acl on dir and don't help with new created files.

any solution?, other then writing and scheduling a script that runs and changes the permission of files.

Regards/AjayS

Since you cannot change the default umask which is the cause of your issue, you are doomed...
Now my 2 cents:
What is the point of such a restrictive umask if the directories are 777?
For instance you are letting anyone the possibility to remove the file(s)...
Why not use a already quite restrictive 027 which lets your conveniently set a 750 on the directory (could add an +s on group, better...) and decide who has access to the group (which would be read only...) OK this does not solve your execute perm... I blame your tools for that...

Me pedantic.

umask 027
New directory gets permissions 750
New file gets permissions 640

Perfect for this situation because both users are in the same primary group.

Can the encrypted program be enveloped in a script which sets up the correct environment?

Thanx for ur replies,
UMASK 077 is part of the security policy,
i was looking for other possibilities,
let me check if i get the approval to override this.

Regards
AjayS