[KLUG Members] umask

[Robert V. Kanaley]

Komal,

Initially umask confused me too. It became less confusing when I learned
that the umask value is logically XOR'ed with 777 (rwx,rwx,rwx) for
directories, while for files the umask is XOR'ed with 666 (rw-,rw-,rw-).

By unmasking files from a value of 666, users are prevented from
inadvertently creating executable files that could wreak havoc on a system.
Using the default Unix umask value of 022, directories are created with
default permissions of 777-022 = 755 while files are created with
permissions of 666-022 = 644. Having files created with permissions of 644
prevents other users and other members of a user’s primary group from
modifying a user’s files.

In the case of directories, unmasking 777 with 022 to yield permissions of
755 makes just as much sense.

To list the contents of a directory the ls process must read the contents of
the inode that contains the directory list. Hence, enabling the read bit on
a directory gives a user or group permission to read the inode that holds
the directory list.

To Change Directory from your present working directory requires that you
execute the CD command on the target directory. If the execute bit is not
set on the directory you cannot CD into it. It makes little sense for a user
or group to be able to list a directory, but not be able to CD into it.
Using the Unix default umask value of 022 ensures that users and groups who
can list a directory can also CD into it.

Hope that umask makes more sense now.

Regards,

Bob

Robert V. Kanaley
Manager Information Systems
Agdia, Inc.
rvk at agdia.com
http://www.agdia.com