May 2007
Beginner
628 pages
15h 46m
English
You want to make sure you are using a secure umask.
Use the bash built-in umask to set a known good state at the beginning of every script:
# Set a sane/secure umask variable and use it # Note this does not affect files already redirected on the command line # 002 results in 0774 perms, 077 results in 0700 perms, etc... UMASK=002 umask $UMASK
We set the $UMASK
variable in case we need to use different masks elsewhere in the
program. You could just as easily do without it; it’s not a big
deal.
umask 002
Remember that umask is a mask
that specifies the bits to be taken away from the
default permissions of 777 for
directories and 666 for files. When in doubt, test it out:
# Run a new shell so you don't affect your current environment /tmp$ bash # Check the current settings /tmp$ touch um_current # Check some other settings /tmp$ umask 000 ; touch um_000 /tmp$ umask 022 ; touch um_022 /tmp$ umask 077 ; touch um_077 /tmp$ ls -l um_* -rw-rw-rw- 1 jp jp 0 Jul 22 06:05 um000 -rw-r--r-- 1 jp jp 0 Jul 22 06:05 um022 -rw------- 1 jp jp 0 Jul 22 06:05 um077 -rw-rw-r-- 1 jp jp 0 Jul 22 06:05 umcurrent # Clean up and exit the sub-shell /tmp$ rm um_* /tmp$ exit
help umask
Read now
Unlock full access