Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!utgpu!water!watmath!clyde!rutgers!sunybcs!boulder!hao!husc6!mit-eddie!uw-beaver!tektronix!orca!tekecs!doghouse!snoopy
From: snoopy@doghouse.UUCP
Newsgroups: comp.unix.wizards
Subject: Re: umask and multiple groups
Message-ID: <9391@tekecs.TEK.COM>
Date: Thu, 19-Nov-87 11:58:08 EST
Article-I.D.: tekecs.9391
Posted: Thu Nov 19 11:58:08 1987
Date-Received: Sat, 21-Nov-87 17:27:19 EST
References: <21241@cmcl2.NYU.EDU> <9100007@uiucdcsm>
Sender: nobody@tekecs.TEK.COM
Reply-To: snoopy@doghouse.gwd.tek.com (Snoopy)
Organization: The Daisy Hill Puppy Farm
Lines: 35
Keywords: umask groups

In article <9100007@uiucdcsm> acheng@uiucdcsm.cs.uiuc.edu writes:

>> (file_mode & ~umask & dir_mode)

>The mode of directory is usually quite different from its files. For
>one thing, all directories must have at least one x-bit on but most
>files have all x-bits off. If all created files inherit that x-bit,
>am I up for surprises since I have "." at the beginning of my $PATH.

You misunderstand. The mode of the directory would be used as a second
mask, it would not be stuffed in directly.

Example: I have my umask set to 022, I create a file in a directory that
is mode 770:

	file_mode = 666	/* default before any masking */
	umask     = 022	/* turn off write permission to group and other */
	~umask    = 755
	dir_mode  = 770	/* turn off all permission to other */

The file is created as mode 640, not mode 770.

In practice, one might set their umask to 002, their home directory
to mode 700, and group project directories to mode 770. Then everything
created under your home directory would be completely safe, everything
in the group project directory could be used by anyone in the group,
and files created in public directories like /tmp could be read by anyone.
There are still cases where you'd need to do a chmod, but it would be
better than what we have now.
Snoopy
tektronix!doghouse.gwd!snoopy
snoopy@doghouse.gwd.tek.com

NFS: No Frigging Security
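
The rule proposed in the post, emulated in user space on a POSIX system (an added example, not part of the original post or of any kernel): the directory's mode is ANDed into the mode passed to openat(), and the kernel then applies the umask, so the file is never created wider than file_mode & ~umask & dir_mode. The names create_dir_masked and demo and the scratch path are hypothetical, and the directory is assumed to carry no default ACL.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* The rule from the post: the directory mode acts as a second mask. */
static mode_t masked_mode(mode_t file_mode, mode_t mask, mode_t dir_mode)
{
    return file_mode & ~mask & dir_mode & 0777;
}

/* Hypothetical helper: create `name` in the directory open at dirfd.
 * The directory's mode is ANDed into the requested mode before the call,
 * and the kernel applies the process umask as usual, so the file never
 * exists with wider permissions than the rule allows. Returns fd or -1. */
static int create_dir_masked(int dirfd, const char *name, mode_t file_mode)
{
    struct stat st;
    if (fstat(dirfd, &st) != 0)
        return -1;
    return openat(dirfd, name, O_CREAT | O_EXCL | O_WRONLY,
                  file_mode & st.st_mode & 0777);
}

/* Create a scratch directory with dir_mode, create one file in it under
 * the given umask, and return the file's permission bits (07777 on error). */
static mode_t demo(mode_t mask, mode_t dir_mode)
{
    char dir[] = "/tmp/dirmask.XXXXXX";   /* constructed scratch path */
    struct stat st;
    mode_t result = 07777, old = umask(mask);
    int dirfd = -1, fd = -1;

    if (mkdtemp(dir) != NULL) {           /* mkdtemp creates it as 0700 */
        if (chmod(dir, dir_mode) == 0 && (dirfd = open(dir, O_RDONLY)) >= 0 &&
            (fd = create_dir_masked(dirfd, "f", 0666)) >= 0 &&
            fstat(fd, &st) == 0)
            result = st.st_mode & 07777;
        if (fd >= 0) { close(fd); unlinkat(dirfd, "f", 0); }
        if (dirfd >= 0) close(dirfd);
        rmdir(dir);
    }
    umask(old);
    return result;
}
```

Because the directory mode is only ever ANDed in, a file requested as 666 can never pick up an x-bit from its directory.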