-1

I am building a small set of utility bash functions and aliases that will live on a special /root partition. I've noticed that whenever I touch aFile or vim aFile, the result is aFile with the permissions -rw-r--r--.

This is highly undesirable if your goal is to run some shell scripts, and that's kind of what I thought the whole point of /root was.

My /root directory permissions are dr-xr-x--- and my umask is 0022. As I understand, I should expect new files to be 0755... but they aren't.

  1. Why?
  2. Is this the default?
  3. How can I make new files executable?
tacos_tacos_tacos

1 Answer

1

If you notice, the mask 022 yields 755 on directories (the executable flag makes them browsable, as opposed to invisible when it's not present within the permissions octal), making them searchable. Files, however, do not get this executable bit by default. This is a matter of convenience and security within the POSIX specification.

Aside from your wanting to use the /root directory as a repository for scripts, nobody wants to have to explicitly set their various files that are created to be non-executable across the system as a price for having directories searchable. So in the interest of usability you have this problem of default execute on directories, but not files.

Your problem can be easily solved by ACLs, which are capable of permission inheritance (something UNIX permissions cannot do). Read carefully the man pages for getfacl, setfacl, and the documentation here: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Storage_Administration_Guide/ch-acls.html

Essentially, ACLs are an extended permission control set that can be utilized in addition to, and to extend, existing POSIX access capabilities. The fairly limited but universally accepted POSIX ACL set will accomplish what you want.

If you're not interested in inheritance, yet just want to make files executable on a one-off basis, the command "chmod" will do what you want. For example, chmod u+x /root/script.sh will render the file /root/script.sh executable by its user owner (which oughtta be root in that case). The man page for chmod will tell more than I need to here.

Spooler
  • That really clarifies things for me – tacos_tacos_tacos Sep 15 '16 at 02:56
  • I've been chmodding u+x or g+x all these scripts, but I think that's silly. I am very interested in inheritance and in fact am surprised that this is not part of the default spec for unixlike systems... but your explanation makes sense – tacos_tacos_tacos Sep 15 '16 at 02:57
  • It's a super old spec, based on a bunch of other really convoluted super old specs. Getting rid of it or refactoring it in a really significant way would be about as easy as redesigning conventional electrical diagrams to make sense instead of being backwards. – Spooler Sep 15 '16 at 03:01
  • I guess defaulting files to be executable can display you to various attack types, including CSRF – aaaaa says reinstate Monica Sep 15 '16 at 03:03
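The behaviour discussed in this thread, as an added example that is not part of the original question or answer: the umask only clears bits from the mode a program requests, and touch requests 0666 while mkdir requests 0777, so umask 0022 gives 0644 files and 0755 directories. The function names `mode_of`, `new_script` and `demo_modes` are hypothetical helpers; `new_script` creates a script that is executable by its owner only, using the `chmod u+x` from the answer.

```shell
#!/bin/sh
# Added example: names below are hypothetical helpers, not from the thread.

# Print the ls-style mode string (e.g. -rw-r--r--) for a path.
# cut drops the trailing "." or "+" that ACL/SELinux-aware ls may append.
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Create an empty script that only its owner can read, write and execute.
# The file is created under umask 077 (0666 & ~077 = 0600) with noclobber,
# so it is never group/world-accessible and never overwrites an existing
# file; the execute bit is then added for the owner only.
new_script() {
    ( umask 077; set -C; : > "$1" ) || return 1
    chmod u+x "$1"
}

# Show what umask 0022 does to the modes requested by touch and mkdir.
demo_modes() {
    dir=$(mktemp -d) || return 1
    (
        umask 0022
        touch "$dir/aFile"           # requests 0666 -> 0644
        mkdir "$dir/aDir"            # requests 0777 -> 0755
        new_script "$dir/script.sh"  # 0600, then u+x -> 0700
    ) || return 1
    for p in aFile aDir script.sh; do
        printf '%s  %s\n' "$(mode_of "$dir/$p")" "$p"
    done
    rm -rf "$dir"
}

demo_modes
```

Sourcing `new_script` from a shell profile lets new scripts be created with `new_script /root/script.sh` while every other new file keeps the non-executable default.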