cancel
Showing results for 
Search instead for 
Did you mean: 
74razor
Flight Engineer
Flight Engineer
  • 4,554 Views

UMask symbolic notation

Jump to solution

Studying for RHCSA exam using the book - Red Hat Enterprise Linux 8 Training and Exam Preparation Guide (EX200) Second Edition by ASghar Ghori.

One of the Labs is having me change the umask to 0035 using symbolic notation. I can do that, however, it appears the answer is to do: umask u=rwx,g=r,o=w, which would be 777. 

Earlier in this chapter, it says that the default umask for files is 666 and the default umask for directories is 777. I created a file and verified the file has permissions equal to 666, or 664 with the umask set to default 0002. 

What am I missing? Why when changing the umask is the answer to use 777 instead of 666? 

0 Kudos
1 Solution

Accepted Solutions
Tracy_Baker
Starfighter Starfighter
Starfighter
  • 4,542 Views

Let's keep this simple. You don't need to set umask values using the symbolic method (you may very well want to use symbolic when using the chmod command). In fact, its down right looney to do so. Just use the numeric method. If you want 0035 as a umask value, then use umask 0035

(If you are wondering if you will need to use one method over another on the RHCSA exam, the answer that I can give you is this: Red Hat doesn't care how you meet the test objective -- just as long as you meet it.)

The kernel permissions are 777 for directories and 666 for files. Unless you change the source code and recompile your own kernel (which is very much not in the RHCSA objecives), you will not be changing these values.

Also, keep in mind that = means to set exactly when using chmod. So chmod g=r <file> will turn on the read bit on <file> and turn off write and execute -- even if they were previously turned on. + means to turn on and - means to turn off

The default umask value in RHEL 8 is 002 (or 0002, if you prefer - the leading 0 in the four digit number is insignificant in this context). The umask value is subtracted from the kernel values. You can change the umask value using the umask command. The umask value applies to directories and files equally. Generally, the umask value is set on a per user basis. When a umask value is changed, it does not affect existing directories or files. It works like this:

                             directories       files
kernel value          777                 666
umask (default)  - 002               - 002
                             -----                ------
octal permissions 775                 664

which is, for directories: rwxrwxr-x and for files: rw-rw-r--

In your example of umask being 035, you'd end up creating directories and files with:

  777      666
- 035    - 035
  -----      -----
  741      632

which is:

directories: rwxr----x (which will probably never happen because you are now missing the execute bit on the group permissions - meaning members of the group cannot cd into the directory. Others can, but they can't use ls on it because they're missing the read bit. To keep things simple, all directories, that you'll be messing with, should have the execute bit turned on.)

files: rw--wx-w- (this is also hosed, becasue the group can execute the file, but the owner can't. Others can write to the file, but not read it.)

No, you will not use a umask of 035 -- ever.

Hope this helps.

 

Program Lead at Arizona's first Red Hat Academy, est. 2005
Estrella Mountain Community College

View solution in original post

6 Replies
Tracy_Baker
Starfighter Starfighter
Starfighter
  • 4,543 Views

Let's keep this simple. You don't need to set umask values using the symbolic method (you may very well want to use symbolic when using the chmod command). In fact, its down right looney to do so. Just use the numeric method. If you want 0035 as a umask value, then use umask 0035

(If you are wondering if you will need to use one method over another on the RHCSA exam, the answer that I can give you is this: Red Hat doesn't care how you meet the test objective -- just as long as you meet it.)

The kernel permissions are 777 for directories and 666 for files. Unless you change the source code and recompile your own kernel (which is very much not in the RHCSA objecives), you will not be changing these values.

Also, keep in mind that = means to set exactly when using chmod. So chmod g=r <file> will turn on the read bit on <file> and turn off write and execute -- even if they were previously turned on. + means to turn on and - means to turn off

The default umask value in RHEL 8 is 002 (or 0002, if you prefer - the leading 0 in the four digit number is insignificant in this context). The umask value is subtracted from the kernel values. You can change the umask value using the umask command. The umask value applies to directories and files equally. Generally, the umask value is set on a per user basis. When a umask value is changed, it does not affect existing directories or files. It works like this:

                             directories       files
kernel value          777                 666
umask (default)  - 002               - 002
                             -----                ------
octal permissions 775                 664

which is, for directories: rwxrwxr-x and for files: rw-rw-r--

In your example of umask being 035, you'd end up creating directories and files with:

  777      666
- 035    - 035
  -----      -----
  741      632

which is:

directories: rwxr----x (which will probably never happen because you are now missing the execute bit on the group permissions - meaning members of the group cannot cd into the directory. Others can, but they can't use ls on it because they're missing the read bit. To keep things simple, all directories, that you'll be messing with, should have the execute bit turned on.)

files: rw--wx-w- (this is also hosed, becasue the group can execute the file, but the owner can't. Others can write to the file, but not read it.)

No, you will not use a umask of 035 -- ever.

Hope this helps.

 

Program Lead at Arizona's first Red Hat Academy, est. 2005
Estrella Mountain Community College
74razor
Flight Engineer
Flight Engineer
  • 4,521 Views

Thank you @Tracy_Baker for the informative response. That helps quite a bit, as well as the knowledge share regarding exam questions. 

Tracy_Baker
Starfighter Starfighter
Starfighter
  • 4,506 Views

@74razor 

You are welcome

Program Lead at Arizona's first Red Hat Academy, est. 2005
Estrella Mountain Community College
0 Kudos
RedAdmin
Cadet
Cadet
  • 3,271 Views

Hello Tracy,

Your calculation of umask seems to be wrong.

 

file permission 666 with umask 035 would result in a permission of 642 [ rw-r---w-]

 

and 

 

directory permission 777 with umask 035 will result in a permission of 742 [ rwxr---w-]

0 Kudos
Tracy_Baker
Starfighter Starfighter
Starfighter
  • 3,257 Views

Actually, yes, my math was wrong (was it late at night).

umask values are subtracted from the kernel defaults. I'll have to go look at the original thread. Using the values you have, this is what they'd be:

777 - 035 = 742 (rwxr---w-)

666 - 035 = 631 (rw--wx--x)

However, when actually doing it, the permissions for files end up being rw-r---w- (642). The math is correct, but the permissions are not set as expected. Interesting... I'm not certain what's going on with this.

Tracy_Baker_0-1676045611012.jpeg

 

 

Program Lead at Arizona's first Red Hat Academy, est. 2005
Estrella Mountain Community College
0 Kudos
RedAdmin
Cadet
Cadet
  • 3,251 Views

Hello Tracy,

 

I think we are not doing plain math here ( although math works just fine in some cases ex- 666-022=644 and so on, mostly if umask is even number). We are infact substracting the permissions themselves. These numbers are just representation of underlying permission

 

So, file permission 666 with umask 035 would mean:

 

666 (-rw-rw-rw-)

                                    subtracted by umask

035 ( -----wxr-x) 

 

                                     Resultes in

642 (-rw-r---w-)

 

In a sense, The permissions represented by octal umask [ 0=--- & 3 = -wx & 5 = r-x) are removed from the existing permission, what remains becoms the default permission.

 

Even simpler, Imagine umask as a net. permission fall on that net (umask). Where there is a dash ( --- ) permissions pass through, where there is a character ( -wx or r-x ) permissions get blocked! 

Look up and imaging entire 666 permissions row falling down on 035 and you can see that the result is nothing but the ones who passed through the umask!!

 

0 Kudos
Join the discussion
You must log in to join this conversation.