Solved

default permissions assigned by cp command in Unix

Posted on 2014-04-16
12
673 Views
Last Modified: 2014-04-18
Hi,

What is the default permissions mask when using the cp command in Unix?  it appears to be 644.  I would like to have it be 770.  Umask won't help in this instance as it only takes away permissions, it doesn't add them, apparently?  Is there another way to get that done w/o having to chmod every copied file?

Thanks!

--Ben
0
Comment
Question by:Ben Conner
  • 7
  • 3
  • 2
12 Comments
 
LVL 5

Expert Comment

by:Rok Brnot
ID: 40004538
cp -p will preserve permissions, so if original permissions are 770...
0
 

Author Comment

by:Ben Conner
ID: 40004551
Ah.  That explains a lot. :)  What about when creating a file from scratch?

--Ben
0
 

Author Comment

by:Ben Conner
ID: 40004553
If I wasn't using the -p argument, what would cp do?  This was in a script I had run.
0
 
LVL 5

Accepted Solution

by:
Rok Brnot earned 350 total points
ID: 40004614
In the absence of this option (-p), the permissions of existing destination files are unchanged, while each new file is created with the mode bits of the corresponding source file, minus the bits set in the umask and minus the set-user-ID and set-group-ID bits.
0
 

Author Comment

by:Ben Conner
ID: 40004658
Ah.  So there are default permissions masks associated with individual userids and groups?  That is probably what the root cause of this is, then.  Is there a non-su command available to change that default?
0
 
LVL 37

Expert Comment

by:Gerwin Jansen
ID: 40005376
The directory you are copying into probably has rw-r--r-- (644) security set. Files created (cp without -p) in there will have those as well. Changing that directory to rwxrwx--- will give you your default of 770 (again without umask).
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 

Author Comment

by:Ben Conner
ID: 40005433
Hm.  Just checked and all the target folders had 770 assigned.  Is there a default security setting assigned when an account is set up?  Never been an admin so I wouldn't know.  They don't give me sharp objects.

--Ben
0
 
LVL 37

Expert Comment

by:Gerwin Jansen
ID: 40005952
That would be the umask. Can you check umask? Just type umask to display the current.
0
 

Author Comment

by:Ben Conner
ID: 40006405
Hi Gerwin,

Thanks, will look at that when I get in to work in a little while.  I guess though I was trying to confirm that while setting up a userid for the first time, there is a spot where the admin sets this for that account as a default?

--Ben
0
 
LVL 37

Assisted Solution

by:Gerwin Jansen
Gerwin Jansen earned 150 total points
ID: 40006847
Yes, it is set at /etc/profile for example on RHEL:

# By default, we want umask to get set. This sets it for login shell
# Current threshold for system reserved uid/gids is 200
# You could check uidgid reservation validity in
# /usr/share/doc/setup-*/uidgid file
if [ $UID -gt 199 ] && [ "`id -gn`" = "`id -un`" ]; then
    umask 002
else
    umask 022
fi
0
 

Author Comment

by:Ben Conner
ID: 40006916
That nails it.  So my assumption is if an admin can create it, they can modify it.  That would save us a lot of hassle.

Thanks much!!

--Ben
0
 

Author Closing Comment

by:Ben Conner
ID: 40009997
Excellent insight on an area that isn't very well documented in common references.
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Suggested Solutions

My previous tech tip, Installing the Solaris OS From the Flash Archive On a Tape (http://www.experts-exchange.com/articles/OS/Unix/Solaris/Installing-the-Solaris-OS-From-the-Flash-Archive-on-a-Tape.html), discussed installing the Solaris Operating S…
I promised to write further about my project, and here I am.  First, I needed to setup the Primary Server.  You can read how in this article: Setup FreeBSD Server with full HDD encryption (http://www.experts-exchange.com/OS/Unix/BSD/FreeBSD/A_3660-S…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now