umask settings for users
Umask defines the default settings for user files on a system, the setting is stored in the standard shell configuration files (.profile, .bashrc, etc). The umask is used by the open system call to set initial file permissions on a newly-created file.
By default, the cp and ftp commands create files using the open system call. However, if a file of the same name already exists, the permissions of the existing file will be preserved (because no new file was created). The tar command, however, is a bit different. When extracting files, tar uses the permissions of each file (as the file was stored) as the base permission upon which to apply the umask.
The essential point here is that strict user settings should be used when setting up the umask for users. The strictest is setting the umask at 077. this means that files and directories created by users will not be readable by any other user on the system. The user still has the ability to change their umask to something which may be more apporpriate for them or changing the file permissions on the file after the fact with the chmod command.
The point still stands Linux is suppose to be a secure system, the best way to keep it secure is to ensure files that aren't suppose to be shared aren't shared across the network.
By default, the cp and ftp commands create files using the open system call. However, if a file of the same name already exists, the permissions of the existing file will be preserved (because no new file was created). The tar command, however, is a bit different. When extracting files, tar uses the permissions of each file (as the file was stored) as the base permission upon which to apply the umask.
The essential point here is that strict user settings should be used when setting up the umask for users. The strictest is setting the umask at 077. this means that files and directories created by users will not be readable by any other user on the system. The user still has the ability to change their umask to something which may be more apporpriate for them or changing the file permissions on the file after the fact with the chmod command.
The point still stands Linux is suppose to be a secure system, the best way to keep it secure is to ensure files that aren't suppose to be shared aren't shared across the network.
<< Home