Accepted Solutions
Whoops, yes: 777 for directories and 666 for files. I've edited my reply so as to not cofuse anyone in the future.
A umask value of of 007 will result in this for files:
kernel default 666
- umask 007
------------------------
result 660 (rw-rw----)
You are right: there is no umask value that can be used to turn on the execute bit for files (because umask values are subtracted from kernel values). If the execute bit is required on files, that has to be done manually using chmod.
It was nice of @Chetan_Tiwary_ to post the actual question (I don't have access to the RH199 material):
I can see why this is confusing as it does say, "Normal users should have a umask setting that allows user and group to create, write, and execute files and directories, and preventing other users from viewing, modifying or executing new files and directories."
This is very confusing as there is no umask value that can be used to turn on the execute bit for files.
I'd reword the question so that it says something like this: "Normal users should have a umask value that results in the following permissions: rwxrwx--- for directories and rw-rw---- for files."
The default kernel permssions are 777 for directories. It is 666 for files.
Therefore, setting a umask of 007 will change the effective permissions to 660 for directories and 770 for files.
Keep in mind that:
- there is only one umask value that is applied to directories and files.
- changing the umask value does not change permissions on existing directories and files.
- if changed at the command line, the change is only used during the duration of the current terminal session and does not impact other terminal sessions.
- if the change is to be persistent, files must be edited. For any individual user, ~/.bashrc can be edited by adding the line umask 007. For all users, /etc/profile can be edited to have something like:
Whoops, yes: 777 for directories and 666 for files. I've edited my reply so as to not cofuse anyone in the future.
A umask value of of 007 will result in this for files:
kernel default 666
- umask 007
------------------------
result 660 (rw-rw----)
You are right: there is no umask value that can be used to turn on the execute bit for files (because umask values are subtracted from kernel values). If the execute bit is required on files, that has to be done manually using chmod.
It was nice of @Chetan_Tiwary_ to post the actual question (I don't have access to the RH199 material):
I can see why this is confusing as it does say, "Normal users should have a umask setting that allows user and group to create, write, and execute files and directories, and preventing other users from viewing, modifying or executing new files and directories."
This is very confusing as there is no umask value that can be used to turn on the execute bit for files.
I'd reword the question so that it says something like this: "Normal users should have a umask value that results in the following permissions: rwxrwx--- for directories and rw-rw---- for files."
@RunReon for most Linux distros, default umask settings are 022( for root user) or 002 (for normal user) :
which means :
umask files directories
022 ------> rw-r–r– (i.e 644) rwxr-xr-x ( i.e 755)
002 -------> rw-rw-r- (i.e 664) rwxrwxr-x (i.e 775 )
if Umask is 000 then resulting permissions will be full permissions known as base permissions - 666 for files and 777 for directories.
as per question, you need to set all permission for user and group owners but no permission for others -
hence you need : 770 effective permission to be set on the default login shell :
for that umask required is 7-7, 7-7, 7-0 = 007
remember that there is no meaning of x permission for files ( unless they are exectuables ), so 007 umask will give effective permission of rw-rw--- ( i.e 660) for file and rwxrwx--- ( i.e 770 ) for directories. Hence this meets the requirement.
