hunt@dg-rtp.rtp.dg.com (Greg Hunt) (12/16/90)
In article <iNB6T1w163w@wvus.wciu.edu>, pete@wvus.wciu.edu (Pete Gregory) writes:
> What are the security implications of a umask (not the system default, but
> in all users' .profile/.login files) value of 137???
>
> Ignorant minds (including this one) want to know...

The umask setting indicates what privilege bits to turn OFF when the
user creates a file.  So, a umask of 137 means:

    1    remove user execute permission
    3    remove group write and execute permissions
    7    remove other read, write, and execute permissions

The 1 is probably not needed since normal files are usually created
without execute permission.  Directories and executable binaries are
usually created with execute permission, and turning it off this way
will mean that users will not be able to cd into directories they
create, nor be able to execute binaries they create.  That's probably
not what's intended, so I'd suggest removing the 1, changing the umask
to 037.

The 3 means that other people in the same group will be able to read
the file, but not write to it, nor execute it.  That's fine.

The 7 means that people other than the owner or people in the same
group will not be able to access the file in any way.  That's also
fine.

I'd suggest reading the man page on chmod for more details about the
permission bits, and reading the man page on umask for more details
about how the mask is used.  Remember that the umask is only used when
the file is initially created.  The file's permission bits can later be
changed with chmod.

Enjoy!

--
Greg Hunt                        Internet: hunt@dg-rtp.rtp.dg.com
DG/UX Kernel Development         UUCP:     {world}!mcnc!rti!dg-rtp!hunt
Data General Corporation
Research Triangle Park, NC, USA  These opinions are mine, not DG's.
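
The effect described in the post above can be checked directly. The following shell script is an added example, not part of the original post; the function names `expected_mode` and `mode_under_umask` are hypothetical, and it assumes `mktemp -d` is available. It creates a file and a directory under umask 137 and under 037 and reports the resulting modes.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; assumes mktemp -d exists.

# expected_mode REQUESTED MASK: the bits left after the umask is applied.
# Both arguments are octal digits without the leading 0, e.g. 666 137.
expected_mode() {
    printf '%04o\n' $(( 0$1 & ~0$2 ))
}

# mode_under_umask MASK KIND: create a "file" (requested mode 666) or a
# "dir" (requested mode 777) under MASK and print its ls-style mode string.
mode_under_umask() {
    (
        tmp=$(mktemp -d) || exit 1      # made before the umask changes
        umask "$1"
        case "$2" in
            file) : > "$tmp/new" ;;
            dir)  mkdir "$tmp/new" ;;
            *)    rm -rf "$tmp"; exit 2 ;;
        esac
        mode=$(ls -ld "$tmp/new" | cut -c1-10)
        chmod u+rwx "$tmp/new"          # restore access so cleanup works
        rm -rf "$tmp"
        printf '%s\n' "$mode"
    )
}

# Compare the mask from the question (137) with the suggested one (037).
for mask in 137 037; do
    printf 'umask %s: file %s (%s)  dir %s (%s)\n' "$mask" \
        "$(mode_under_umask "$mask" file)" "$(expected_mode 666 "$mask")" \
        "$(mode_under_umask "$mask" dir)"  "$(expected_mode 777 "$mask")"
done
```

Under 137 the new directory comes out as `drw-r-----`: the owner's search (x) bit is gone, which is why a non-root owner cannot `cd` into it, while plain files get the same `-rw-r-----` under either mask.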