Rehashing My File Permissions Understanding(or lack of it)
powderkeg at snow.email.ne.jp
Wed Aug 31 08:40:07 UTC 2005
Paul Howarth wrote:
> Jay Paulson wrote:
>> I was under the impression that changing the umask was a possible
>> security risk. Am I correct in thinking that?
> Possibly, possibly not. Using a umask of 002 instead of 022 is
> something that Red Hat/Fedora specifically cater for. What this means
> is that woth a umask of 002, files are created with group write
> permissions by default, so if your default group is shared with a
> number of other people then they will be able to write to your files
> by default. However, in Red Hat/Fedora, every new user is created with
> their own group by default, which isn't shared with any other user. So
> enabling group write permission isn't a big issue. What this then lets
> you do is to create a separate group for shared data, and then
> everyone's default umask being 002 (if set that way) then makes it
> easy for all members to create and edit files with this shared groupid.
so, in theory, if there were a way to set a umask specifically for a
certain group, it'd be great. For example; when user xman, who is a
member of say, share2 group, creates a new file in a particular dir, the
new file would be writable by all within that same group. Would that
just make things too messy, OR, am I just not getting it.? Cheers.
More information about the users