Dear community,
Am preparing for RHCSA EX200 by learning RH199.
I need help on RH199 - ch04s05 lab, step #8. It is written "...adjust the default umask for login shells......that allows the user and group to create, write, and execute files..."
From the lesson, I understood that the initial file permission is 0666 and use the umask command to control the permissions to the new created files. However, step #8 instructed to have 770 permission to files.
Completing step #8 and testing it by creating new file for 'student', I was unable to use umask command to achieve the requested task. The newly created file, e.g. file1, after applying UMASK 007 on /etc/login.defs, was only having -rw-rw---- (660), instead of -rwxrwx--- (770) permission.
I could, however, achieve the step #8 objective, by manually using 'chmod 770 file1' command.
Is my understanding correct? If not, how to change 666 to 770 file permissions by using umask command? Unfortunately, the 'Hide Solution' for step #8 is only showing the checking of applied UMASK command but not by testing it with creating a file.
Whoops, yes: 777 for directories and 666 for files. I've edited my reply so as to not confuse anyone in the future.
A umask value of 007 will result in this for files:
  kernel default   666
- umask            007
------------------------
  result           660 (rw-rw----)
You are right: there is no umask value that can be used to turn on the execute bit for files (because umask values are subtracted from kernel values). If the execute bit is required on files, that has to be done manually using chmod.
It was nice of @Chetan_Tiwary_ to post the actual question (I don't have access to the RH199 material):
I can see why this is confusing as it does say, "Normal users should have a umask setting that allows user and group to create, write, and execute files and directories, and preventing other users from viewing, modifying or executing new files and directories."
This is very confusing as there is no umask value that can be used to turn on the execute bit for files.
I'd reword the question so that it says something like this: "Normal users should have a umask value that results in the following permissions: rwxrwx--- for directories and rw-rw---- for files."
The default kernel permissions are 777 for directories. It is 666 for files.
Therefore, setting a umask of 007 will change the effective permissions to 660 for directories and 770 for files.
Keep in mind that:
Thanks for reminder points.
I believe you're trying to say the default initial permissions are 666 for files and 777 for directories, instead.
I was trying to clarify about files only and the statement on step #8 about the files, "...that allows the user and group to create, write, and execute files..." albeit files with 770.
From the default of 666, to my understanding, there will be no umask value that can change any of digit '6' becomes '7'
@RunReon for most Linux distros, default umask settings are 022( for root user) or 002 (for normal user) :
which means :
umask        files                    directories
022  ------> rw-r--r-- (i.e. 644)     rwxr-xr-x (i.e. 755)
002  ------> rw-rw-r-- (i.e. 664)     rwxrwxr-x (i.e. 775)
if Umask is 000 then resulting permissions will be full permissions known as base permissions - 666 for files and 777 for directories.
as per question, you need to set all permission for user and group owners but no permission for others -
hence you need : 770 effective permission to be set on the default login shell :
for that umask required is 7-7, 7-7, 7-0 = 007
remember that there is no meaning of x permission for files ( unless they are executables ), so 007 umask will give effective permission of rw-rw---- ( i.e 660) for file and rwxrwx--- ( i.e 770 ) for directories. Hence this meets the requirement.
@Chetan_Tiwary_ , thanks for your time to clarify it again. my point of clarification is focusing on the files.
You agreed that the statement on step #8 asked for 'rwx' for files and 'rwx' for directories (=770). (i don't have permission to attach any screenshot here)
And I totally agree with your statement, ".. remember that there is no meaning of x permission for files ( unless they are executables ).."
So, as a fresher, I read step #8 task as: change the default permission from 666 (files) to 770 (executable files) or to 670 (non-executable files) by using umask command.
My understanding is: there is no umask value that can change any of digit '6' to become '7'. Only chmod command can change digit '6' to '7'.
Is my understanding correct?
I tested by creating two files, i.e. file1.sh and file2.txt:
[student@serverb ~]$ sudo -i
[sudo] password for student:
[root@serverb ~]# umask
0022
[root@serverb ~]# vim /etc/login.defs
[root@serverb ~]# exit
[student@serverb ~]$ su -
Password:
Last login: Fri Nov 1 02:38:43 UTC 2024 from 172.25.250.9 on pts/1
[root@serverb ~]# umask
0007
[root@serverb ~]# mkdir runreon
[root@serverb ~]# vim runreon/filel.sh
[root@serverb ~]# touch runreon/file2.txt
[root@serverb ~]# ls -l runreon/
total 0
-rw-rw----. 1 root root 12 Nov 2 02:53 filel.sh
-rw-rw----. 1 root root 0 Nov 2 02:53 file2.txt
[root@serverb ~]#
@RunReon Yes , you will need chmod for that.
Yes, your understanding is correct. The 'chmod' command is required in order to apply execute permissions to any file.
I'd like to add to what @Chetan_Tiwary_ stated about the typical default umask setting up above. What he said is correct, additionally, such default umask setting(s) are considered insecure, as they can generally allow any user with login access on the machine to then access such files with permissive permissions.
Thank you.
R,
-Joe
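The result reached in this thread, as an added shell example that is not part of any post above: it creates a file and a directory under several umask values and compares what `touch` and `mkdir` produce with the rule requested mode AND NOT umask. The function names are made up for the example, GNU `stat -c` (as on RHEL) is assumed, and the 033 case goes beyond the thread to show that the mask clears bits rather than subtracting digits.

```shell
#!/bin/sh
# Added example: observe what a umask does to newly created files and directories.
# Assumes GNU coreutils (stat -c %a), as found on RHEL.

# expected_mode BASE UMASK -> octal value of BASE & ~UMASK
# BASE is the mode the program requests: 666 for touch, 777 for mkdir.
expected_mode() {
    printf '%o\n' $(( 0$1 & ~0$2 ))
}

# observed_modes UMASK -> "FILE_MODE DIR_MODE" as actually created on disk
observed_modes() {
    (
        work=$(mktemp -d) || exit 1
        umask "$1"
        touch "$work/file"   # touch asks for 0666, so no x bit can ever appear
        mkdir "$work/dir"    # mkdir asks for 0777
        echo "$(stat -c %a "$work/file") $(stat -c %a "$work/dir")"
        rm -rf "$work"
    )
}

# report UMASK -> one line comparing the rule with the observed result
report() {
    set -- "$1" $(observed_modes "$1")
    printf 'umask %s  file: expected %s got %s  dir: expected %s got %s\n' \
        "$1" "$(expected_mode 666 "$1")" "$2" "$(expected_mode 777 "$1")" "$3"
}

# 022 and 002 are the defaults quoted in the thread; 007 is the lab value.
# 033 is a constructed case: digit subtraction would suggest 633 for files,
# but the real result is 644 because only bits set in the mask are cleared.
for mask in 022 002 007 033; do
    report "$mask"
done
```

With umask 007 the file comes out as 660 and the directory as 770, so the "other" bits are closed on both while the execute bit on a file still has to be added with chmod.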