I have a daemon running as a local user account on my red hat box. The problem is the daemon creates directories using a umask of 022. I need group write access to the directories the daemon is creating. I need the daemon to use a umask of 002. I've edited the daemons startup script in /etc/init.d I've changed the umask in the /etc/init.d/functions file. I've added the line "umask 002" in the user's ~/.bashrc and ~/.bash_profile files. I've also setup /etc/bashrc to assign all users a 002 umask (just for kicks)
I've decided to move this question into a new thread since i haven't received an answer for 3 days. This question was originaly posted here: [URL]... I've already searched in google, however i wasn't able to find an answer that solves my problem... How can i change the umask on a per user basis so that each user can have its own umask to fit his needs? For example: I have four accounts on my system ex.
-So now I want everything from the admin group to be by default set to 002 (so that every user that is in the admins group can have a full share (-rwx rwx r--) of everything that is created by the admins).
-Then the similar to the above managers shoud have 022 umask.
-And each of the regular users should have 002 or 022 or 077 it is up to the users choice.
I hope that i have provided enough info thorough the example.
after installing openSuSE 11.3 i was thinking a bit about security. I read, it's a good idea to set umask of users to 077 . I'm unsure now, where to do this, cause there are different locations offered in the web:
/etc/login.defs $HOME/.profile /etc/profile - umask would be valid for root too.
And for my understanding:
- Is it wise to set root to umask 077 too or could this lead to negative effects on my system.
- Is it even senseless to umask the normal user to 077 if there is just one desktop-user using my system (myself ).
I want to set permissions to a folder as rwx-r-x-r-x in such a way that whenever a new file or folder is created under it, it will automatically inherit the parent folders default permissions.So,what I need to do know, do I have to change the umask value??
My Debian system has by default umask permissions of 0022, which I never liked. One user can read all the files of another seems very insecure to me.
I am planing to set it to 007, so that user and group have rw but all others have none.
Are there any side effects to that? I have noticed from a trial I did where I was changing permissions on the filesystem that some system stuff in the OS does not work anymore, if "others" have no read permission anymore, so that is why I am asking.
And why are chmod / umask permissions sometimes stated as 4 digits? What is this "all" group in the end? Isn't that already covered by "others"?
I am trying to set the umask for a process(orkaudio) which is running as the root user.This program creates dir and files and I need the umask to be 022. I have edited my /etc/bashrc -- and when i type in umask i get 0022 --- Not sure how to go about getting this resolved...
I have 2 Oracle users that generate .tmp files under /var/tmp. By default, the files have the permissions 644. Now, a need has arisen whereby the files created by these users have to have the permission bits as 664. Obviously, I changed the UMASK value for these users from 022 to 02. But the files are still getting created with 644 as the permission.
I tried restarting the application as I read that a relogin is required for the UMASK change to take effect. Even that hasn't helped.
Recently I was going through some chmod manipulations and found the umask values to be 0002 by default in Fedora 11 distro. What I knew about the default values to be 022. I don't know whether this is a kernel modification in this distro or my system is in compromise(I doubt for the latter option, but not confirmed).
I'm struggling to understand an aspect of mounting and mountpoints with /etc/fstab. There is a large number of sites and threads that make recommendations using things like uid, gid, umask, and other options. These methods, however, which I've used, are file-system specific, useful only for filesystems such as (V)FAT and NTFS that allow them.My current situation is that I am mounting partition /dev/sdb5 in, let's call it /media/myMount. My goals:Mount this partition automatically upon boot using /etc/fstab...The partition should be fully accessible only to a specific user or group.What I've done is create the mount point in /media:
If user michapma were to carry out the mount, I believe it would work; however, I want the mount to happen automatically during boot. So, how can I achieve my user (or group) permission goals for this and any other such partitions using fstab?The manpage for mount has been helpful, but after reading many tutorials and forum threads, the only way I know how to do it is to have the user do the mounting or rely on the file-system specific options.
I'm setting up an application server for a small organization using Ubuntu 10.04 and LTSP. We built a machine with a quad core Athlon II, got a Gigabit swtich, and a couple Gigabit ethernet cards. I burned gPXE into a couple EPROMs and turned their old PIII and Duron systems into thin clients.
So far so good.
Now, I'm trying to set up a shared directory that two users in the same group can both read and write. Let's call it "/home/shared". I want to set UMASK to 007, so that by default, files are created readable and writable by user and group, with no permissions for anybody else. I changed a line in "/etc/profile" from "umask 022" to "umask 007". After rebooting the app server, the umask does appear to be 007 when you log in at the console. However, it doesn't seem to affect the terminals.
So I figured I needed to change it in "/opt/ltsp/i386/etc/profile". vi helped me out with that. Didn't make a difference in the terminals. Ok, I need to rebuild the image, so I did an "ltsp-update-image" and rebooted the terminal. umask is still 022. ???
I changed UMASK in "/opt/ltsp/i386/etc/login.defs" and rebuilt the image. No change. ??? I really don't understand why this isn't working.
How can I change the UMASK for users who log in on an LTSP terminal?
I have ext3 partition mounted on /mnt/shared/ as follows
Permissions above are of the actual mounted fs.
Goal is to have all files created on the fs 1) to belong to group 'users' 2) to have this groups permissions set to rw (rwx for directories) so that all users who belong to group 'users' have full read/write access to data and everyone else to have only read access.
Now because of setgid bit (s) in group permissions every file created has group 'users' and additionally setgid bit is set for directories. Because every users umask by default (on my system) is set to 0022 all created files will have permissions 644 for ordinary files and 755 for directories.
Net result of above means that users A and B who both belong to group 'users' won't be able to modify files created by the other.
So how can I make files created on the fs to be created always with umask 0002 WITHOUT changing default umask for users that is used elsewhere (like in their home directory) ?
I want to add 50 new users, not on the server yet I want to add them all to group Accounting - with 1 option, not user by user I want to setup a default password for them all, and have it say something like 'You must now change password or no access will be permitted' Any other options I also want to do once, not for each user?
This netbook only has a user with non-administrative privs on it and root user but I do not have root's password.Is there a way that I can create a new administrative user of change the current user's group so that it can do sudo commands or have more privs?
I'm looking for a Linux command that can change ownership of all files belonging to a given user,preferably in a targeted directory, to another specified user. My dream command would look something like this. chuser -R --olduser tom --newuser jerry
This is my scenario... I have a backup file (.tgz) with user and group information preserved in it. It was taken from a web server running Apache and MySQL. The files in the backup are from across the system and contain files from several different users and several system type accounts and it is key that when restored on the new server the settings are not lost. The problem is that the users on the machine the files are being restored to don't match the ones in the backup file. For instance both machines had a MySQL user but they have different user ids and there are several user ids that existed on both machines that belong to different users. This means there is no way to sync the users on the new machine to the ones on the old machine. I can find all the users files with the find command like this...
find /decompressed-backup-dir -uid 1050 or find /decompressed-backup-dir -user tom
If, as I suspect, there is no way to do what I want with a single command then perhaps there is a way to pipe the results of the find command to another command to handle the ownership change?
I could do this with a PHP script but there are 4GB and tens of thousands of files in the backup so I don't want to use PHP or Perl but I would be happy with a shell script that could handle it.
Is It possible to change a process running in root-user to non-root-user by setting suid / uid / euid / gid etc... I so please instruct how, when and wat to set in order to change a process running in root-user to non-root user
I am writing a bash script for auditing a Linux System. One of the points to capture is the umask of the users in the system. Though a 'umask' command executed by the respective user gives this value, i am not sure how to get this in a script, which would be run with root credentials. This my be pretty easy, but i am not sure how root can find this for say 'user-x' (except say peeking into /etc/bashrc).
umask doesn't seem to accept username argument like the 'id' command does...
Does anyone have a solution for cron file permissions. I need them to be automatically generated 640, right not I believe they are 0644. Could I add a umask varible to the syslog.conf file to set the umask for cron generated files? Or is there a better way to do this. I am speaking only of logs generated by root.
ok so im working on homework and im not understanding what my teacher is wanting me to do and i dont have time to email him seeing as he might not read it until tomorrow. so ill copy and paste and if anyone can better explain it,
2) Use the umask command to change your file creation mask such that,by default for new files and directories you create, no permissions are taken away from the 'user' (owner), write permissions are taken away from the 'group' (group owner), and all permissions (read, write and execute) are taken away from 'other'. Take a screenshot of your terminal window showing the results of this step.
3) Use the touch command to create a new file called testfile. Use the ls command to display the contents of your current directory in long mode. Take a screenshot of your terminal window showing the results of this step. Ensure that the directory listing for testfile is completely visible in your screenshot.
4) Use the chown command to change the user associated with testfile (the owner) to cint201. Take a screenshot of your terminal window showing the results of this step.
5) Use the chgrp command to change the the group associated with testfile (the group owner) to users. Take a screenshot of your terminal window showing the results of this step.
6) Use the chmod command to change the permissions for testfile such that the 'user' (owner) permissions are set to read, write and execute, the 'group' (group owner) permission are set to read and execute, the 'other' permissions are set to grant neither read, write nor execute, and finally set the SUID bit for the file. Take a screenshot of your terminal window showing the results of this step.
7) Use the ls command to display the contents of your current directory in long mode. Take a screenshot of your terminal window showing the results of this step. Ensure that the directory listing for testfile is completely visible in your screenshot.
On my Ubuntu 11.04x64 server, I have service accounts running which do not log in and do not have home directories. These service accounts are responsible for running processes which are invoked as services.When these services created new files, I need them to be created with the permissions 664 (UMASK 002).I edited the /etc/profile umask setting to reflect this. I see that now my user account creates files which reflect this new umask setting, but the service accounts do not when I manually created files using their accounts (sudo -u serviceaccount touch newfile).
We have users that send files to our server via sftp... We normallyhave umask set to 022 but for these files we would like to force a umask of 002... I've tried to change in the .bash_profile but does not seem to make any difference...