Solved

All new files should have chmod = 774

Posted on 2009-05-19
12
2,248 Views
Last Modified: 2013-12-27
User A has read+write access on Directory owned by user B.
In .profile of user A i have set umask=003 so that all files that user A creates(future) in that directory get created as 774 but it is not working and files are being created as 664.

Can someone please advise on how can all files created (in future) by user A can have 774?
Thanks
0
Comment
Question by:oracop
  • 3
  • 2
  • 2
  • +3
12 Comments
 
LVL 23

Accepted Solution

by:
Maciej S earned 29 total points
ID: 24426978
You can't achieve this (setting execute permission for files with umask).
If you are creating file, umask value is subtracted from 666, not 777.
0
 
LVL 40

Assisted Solution

by:omarfarid
omarfarid earned 58 total points
ID: 24427967
this depends on the command / tool used to create files. It will set files perms while creating them. you can not do much here.
0
 
LVL 48

Assisted Solution

by:Tintin
Tintin earned 29 total points
ID: 24428966
You need to have some process that changes the permissions after the files have been created as you can't control this with the umask.
0
 
LVL 40

Assisted Solution

by:omarfarid
omarfarid earned 58 total points
ID: 24432223
maybe a crontab job that runs every say 5 min that change perms
0
 
LVL 3

Assisted Solution

by:tkuther
tkuther earned 56 total points
ID: 24462309
I'd use inotifywait from the inotify-tools package and write a small script that just keeps running all the time
#!/bin/bash
 

WATCHED_DIRS="/tmp/aaa /tmp/bbb"
 

for dir in ${WATCHED_DIRS}; do

        if [[ ! -d "${dir}" ]]; then

                echo "Error: ${dir} does not exist"; exit 1

        fi

done
 

while true; do

        EVENT="`inotifywait -q -r -e create ${WATCHED_DIRS}`"

        DIR="`echo ${EVENT}|awk -F' CREATE ' '{print $1}'`"

        FILE="`echo ${EVENT}|awk -F' CREATE ' '{print $2}'`"
 

        if [[ ! -f "${DIR}${FILE}" ]] || [[ -x "${DIR}${FILE}" ]]; then

                continue

        fi
 

        chmod 774 ${DIR}${FILE}

done

Open in new window

0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 3

Assisted Solution

by:tkuther
tkuther earned 56 total points
ID: 24462364
...if inotify is available at all on the system. I should have thought of that first. Above works on Linux.

On Solaris it could be done with BSM Audit and parsing its logs maybe.
0
 
LVL 4

Assisted Solution

by:docbert
docbert earned 28 total points
ID: 24618175
umask is a "mask" in that it is used to remove permissions when creating a file.  What's going to cause you difficulty is that two things are used when creating a new file - the first is the permissions that the program creating the file asks for, and the second is the umask.

ie, if the program creating the file asks for the permissions "777" and the umask is 003, then the resulting permissions will be 774.  However if the program asks for "644" and the umask is 003, then you're going to end up with 644 - none of the bits you've asked to be cleared are set, and thus it doesn't change the result.  Normally this isn't a problem as you wouldn't want execute permissions on a file anyway - or if you did, the program creating the file will normally explicitly ask for execute permission (eg, by setting the default permissions to 777)

umask can not be used to add bits to the permissions the original program sets.  This leaves you with 2 options.

The first is as has been suggested above - something that reactively changes the permissions.  This is ugly, but might be your only choice. You could do this with a cron job and the "find" command using the -perms options to look for files that don't match your desired permissions.

The second options it to change whatever is creating the file.  Some software (eg, Samba) has config options that allow you to set the default permissions for a file.  Set that to 777, and then with your umask or 003 the end result will be 774 as desired.  Alternatively if you've got the source you can change the default permissions in that - look for it using the "open" system call, and change the permissions it's passing.
0
 
LVL 1

Author Comment

by:oracop
ID: 24841469
Please close the question and refund the points.... Am not able to get Solution specific to problem.
Thanks all for your feedback.

regards.
0
 
LVL 48

Expert Comment

by:Tintin
ID: 24843113
Sometimes a non-solution can be a solution.  Not every problem is solvable.

0
 
LVL 48

Expert Comment

by:Tintin
ID: 24845524
I'd split the points between oklit, omarfarid, tintin, tkuther and docbert.

Reason being that an explanation was given why the solution wasn't possible using umask, but some alternative workarounds were given.

If the workarounds weren't suitable, then the questioner should have followed up with some feedback.
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Introduction Regular patching is part of a system administrator's tasks. However, many patches require that the system be in single-user mode before they can be installed. A cluster patch in particular can take quite a while to apply if the machine…
Every server (virtual or physical) needs a console: and the console can be provided through hardware directly connected, software for remote connections, local connections, through a KVM, etc. This document explains the different types of consol…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now