Archive for the ‘6 - File permissions’ Category

VI – Default file permissions

onsdag, juni 23rd, 2010

Every time you create a file some default permissions is set to it. The permissions are set in file ‘/etc/profile‘ in the variable ‘umask‘ e.g. ‘umask=022′. Every hacker with an IQ slightly over rooms temperature realizes that this is a bit mask. In the case ‘umask=022′ this translates into rights ‘644′ (rw- r– r–) for your created files and ‘755′ (rwx r-x r-x) for your created directories. Maybe an explanation is in place, the bit mask ‘022′ equals ‘000 010 010′ in binary notation. We start out by bit inversion which converts our mask to ‘111 101 101′. Fine. Now we apply these bits with the AND operator to the default set of permissions which is ‘666‘ (‘110 110 110′ or ‘rw- rw- rw-’) for files and ‘777‘ (‘111 111 111′ or ‘rwx rwx rwx’) for directories.
See, a file will never be set with execution rights when created.

For ‘umask=022′ (=000 010 010) this will give us:

111 101 101 (inverted umask)
110 110 110 (default file values)
= 110 100 100 which equals ‘rw- r– r–’ or ‘644′ for files

and for directories:
111 101 101 (inverted umask)
111 111 111 (default directory values)
= 111 101 101 which equals ‘rwx r-x r-x’ or ‘755′

Another example:
umask=556 (‘r-x r-x rw-’ or ‘101 101 110′)

For files:
010 010 001 (inverted umask)
110 110 110 (default file values)
= 010 010 000 which equals ‘-w- -w- —’ or ‘220′

For directories:
010 010 001 (inverted umask)
111 111 111 (default directory values)
= 010 010 001 which equals ‘-w- -w- –x’ or ‘221′