Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month at the Massachusetts Institute of Technology, in Building E51.

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] Advanced file permisions



I just checked, our umask is 0077 on our RHEL VMs (as required by IT). This
is the problem. a umask or 0007 will give us what we want. The issue is to
have read, write, execute by group. I was unaware that it was set to 0077
by default in RHEL 6. On RHEL5, it is set to 0022.

Most of our scripts here are Python (so the C rules apply), and most of the
code we have is either C++ or Java.

On Tue, Nov 25, 2014 at 6:49 PM, Derek Martin <invalid at pizzashack.org>
wrote:

> On Tue, Nov 25, 2014 at 09:38:52AM -0500, Jerry Feldman wrote:
> > I have an auto mounted directory where I want to restrict access to only
> > members of a specific group, lets call it foogroup for now. I didn't want
> > to use netgroups for a number of reasons in that the NAS is run by a
> > separate team, and they use a different LDAP server than we do.
> >
> > The way I set up the original top level directory is:
> > chmod 2770: rwxrws--- foogroup
> > But when I create a subdirectory I get:
> > rwx--S---
>
> How did you create the directory?  If you're using mkdir on the
> command line, the umask seems like the only possible culprit,
> excepting some weird filesystem mount options possibly.  The mkdir
> command  has a -m option to set the mode but one can assume you're not
> using that, or else you would know. =8^)
>
> If you're doing this from within a program, the mkdir() system call
> takes a mode argument (and is, I believe, still modified by your
> umask).  That's for C obviously but other languages should generally
> have something similar, and in some of those languages it may be
> optional, defaulting to something you don't want...
>
> --
> Derek D. Martin    http://www.pizzashack.org/   GPG Key ID: 0xDFBEAD02
> -=-=-=-=-
> This message is posted from an invalid address.  Replying to it will
> result in
> undeliverable mail due to spam prevention.  Sorry for the inconvenience.
>
>


-- 
--
Jerry Feldman <gaf.linux at gmail.com>
Boston Linux and Unix
PGP key id: B7F14F2F
Key fingerprint: D937 A424 4836 E052 2E1B  8DC6 24D7 000F B7F1 4F2F



BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org