RunReon
Mission Specialist

RH199 - ch04s05 lab: clarification on how to change 666 to 770?


Dear community,

Am preparing for RHCSA EX200 by learning RH199.

I need help on RH199 - ch04s05 lab, step #8. It is written "...adjust the default umask for login shells......that allows the user and group to create, write, and execute files..."

From the lesson, I understood that the initial file permission is 0666 and use the umask command to control the permissions to the new created files. However, step #8 instructed to have 770 permission to files.

Completing step #8 and testing it by creating new file for 'student', I was unable to use umask command to achieve the requested task. The newly created file, e.g. file1, after applying UMASK  007 on /etc/login.defs, was only having -rw-rw---- (660), instead of -rwxrwx--- (770) permission.

I could, however, achieve the step #8 objective, by manually using 'chmod 770 file1' command.

Is my understanding correct? If not, how to change 666 to 770 file permissions by using umask command? Unfortunately, the 'Hide Solution' for step #8 is only showing the checking of applied UMASK command but not by testing it with creating a file.

Accepted Solutions
Tracy_Baker
Starfighter

Whoops, yes: 777 for directories and 666 for files. I've edited my reply so as to not confuse anyone in the future.

A umask value of 007 will result in this for files:

  kernel default   666
- umask            007
  --------------------
  result           660 (rw-rw----)

You are right: there is no umask value that can be used to turn on the execute bit for files (because umask values are subtracted from kernel values). If the execute bit is required on files, that has to be done manually using chmod.

It was nice of @Chetan_Tiwary_ to post the actual question (I don't have access to the RH199 material):

[screenshot of the lab question]

I can see why this is confusing as it does say, "Normal users should have a umask setting that allows user and group to create, write, and execute files and directories, and preventing other users from viewing, modifying or executing new files and directories."

This is very confusing as there is no umask value that can be used to turn on the execute bit for files.

I'd reword the question so that it says something like this: "Normal users should have a umask value that results in the following permissions: rwxrwx--- for directories and rw-rw---- for files."

Program Lead at Arizona's first Red Hat Academy, est. 2005
Estrella Mountain Community College


7 Replies
Tracy_Baker
Starfighter

The default kernel permissions are 777 for directories. It is 666 for files.

Therefore, setting a umask of 007 will change the effective permissions to 660 for directories and 770 for files.

Keep in mind that:

  1. there is only one umask value that is applied to directories and files.
  2. changing the umask value does not change permissions on existing directories and files.
  3. if changed at the command line, the change is only used during the duration of the current terminal session and does not impact other terminal sessions.
  4. if the change is to be persistent, files must be edited. For any individual user, ~/.bashrc can be edited by adding the line umask 007. For all users, /etc/profile can be edited to have something like:

[screenshot]

Program Lead at Arizona's first Red Hat Academy, est. 2005
Estrella Mountain Community College
RunReon
Mission Specialist

Thanks for the reminder points.

I believe you're trying to say the default initial permissions are 666 for files and 777 for directories, instead.

I was trying to clarify about files only and the statement on step #8 about the files, "...that allows the user and group to create, write, and execute files..." albeit files with 770.

From the default of 666, to my understanding, there will be no umask value that can change any digit '6' into '7'.

Chetan_Tiwary_
Community Manager

@RunReon for most Linux distros, default umask settings are 022 (for root user) or 002 (for normal user),

which means:

umask    files               directories
022      rw-r--r-- (644)     rwxr-xr-x (755)
002      rw-rw-r-- (664)     rwxrwxr-x (775)

If umask is 000 then resulting permissions will be full permissions known as base permissions - 666 for files and 777 for directories.

As per question, you need to set all permission for user and group owners but no permission for others -

[screenshot]

Hence you need 770 effective permission to be set on the default login shell:

for that umask required is 7-7, 7-7, 7-0 = 007

Remember that there is no meaning of x permission for files (unless they are executables), so 007 umask will give effective permission of rw-rw---- (i.e. 660) for files and rwxrwx--- (i.e. 770) for directories. Hence this meets the requirement.

[screenshot]

RunReon
Mission Specialist

@Chetan_Tiwary_, thanks for your time to clarify it again. My point of clarification is focusing on the files.

You agreed that the statement on step #8 asked for 'rwx' for files and 'rwx' for directories (=770). (I don't have permission to attach any screenshot here.)

And I totally agree with your statement, "... remember that there is no meaning of x permission for files (unless they are executables) ..."

So, as a fresher, I read step #8 task as: change the default permission from 666 (files) to 770 (executable files) or to 670 (non-executable files) by using umask command.

My understanding is: there is no umask value that can change any of digit '6' to become '7'. Only chmod command can change digit '6' to '7'.

Is my understanding correct?

I tested by creating two files, i.e. file1.sh and file2.txt:
[student@serverb ~]$ sudo -i
[sudo] password for student:
[root@serverb ~]# umask
0022
[root@serverb ~]# vim /etc/login.defs
[root@serverb ~]# exit
[student@serverb ~]$ su -
Password:
Last login: Fri Nov 1 02:38:43 UTC 2024 from 172.25.250.9 on pts/1
[root@serverb ~]# umask
0007
[root@serverb ~]# mkdir runreon
[root@serverb ~]# vim runreon/filel.sh
[root@serverb ~]# touch runreon/file2.txt
[root@serverb ~]# ls -l runreon/
total 0
-rw-rw----. 1 root root 12 Nov 2 02:53 filel.sh
-rw-rw----. 1 root root  0 Nov 2 02:53 file2.txt
[root@serverb ~]#

Chetan_Tiwary_
Community Manager

@RunReon Yes, you will need chmod for that.

  • 51 Views

Yes, your understanding is correct.  The 'chmod' command is required in order to apply execute permissions to any file.

I'd like to add to what @Chetan_Tiwary_ stated about the typical default umask setting up above. What he said is correct; additionally, such default umask settings are considered insecure, as they can generally allow any user with login access on the machine to then access such files with permissive permissions.

Thank you.

R,

-Joe
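
Added example, not part of any post in this thread: a script that creates a file and a directory under several umask values and reports the modes actually assigned, covering both the accepted solution's point (umask only removes bits, so files never gain execute) and the remark above about permissive defaults. The function names are made up for illustration, and `stat -c %a` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are made up for
# illustration; `stat -c %a` assumes GNU coreutils (as on RHEL).

# new_modes UMASK -> "<file> <dir>": octal modes really assigned to a new
# file (requested 0666) and a new directory (requested 0777).
new_modes() {
    (   # subshell, so the caller's own umask is left untouched
        tmp=$(mktemp -d) || exit 1
        umask "$1"
        : > "$tmp/f"
        mkdir "$tmp/d"
        printf '%s %s\n' "$(stat -c %a "$tmp/f")" "$(stat -c %a "$tmp/d")"
        rm -rf "$tmp"
    )
}

# predicted BASE UMASK -> BASE with the umask's bits cleared (AND NOT).
# Bits can only be removed, so a 6 can never become a 7;
# e.g. 666 with umask 033 gives 644.
predicted() {
    printf '%o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# others_can_access MODE -> succeeds if any "other" permission bit is set.
others_can_access() {
    [ $(( 0$1 & 07 )) -ne 0 ]
}

for m in 022 002 007 027; do
    set -- $(new_modes "$m")
    if others_can_access "$1" || others_can_access "$2"; then
        note="accessible to other local users"
    else
        note="closed to other users"
    fi
    printf 'umask %s: file %s (predicted %s), dir %s (predicted %s) - %s\n' \
        "$m" "$1" "$(predicted 666 "$m")" "$2" "$(predicted 777 "$m")" "$note"
done
```
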
