-1

need to create and change existing file and directory such that all directories and executable files(*.sh, *.bat, *.cmd ..) are 750 and regular file are 640 . I need to this in shell and python both.

I like to set umask to 027 while default is 022 for existing directory .... can't change default umask. Basically need to set umask directory specific

user1656899
  • 101
  • 2
  • Hello, it's unclear whether you want to set umask, that controls how file permissions are set for newly created files, or change active permissions for *existing* files and directories. Please, edit the question clarifying this point. – simlev Nov 15 '18 at 14:12
  • I like to set umask to 027 while default is 022 for existing directory .... can't change default umask – user1656899 Nov 19 '18 at 08:59
  • you seem to not understand what umask is used for, i would recommend you to read this article https://www.cyberciti.biz/tips/understanding-linux-unix-umask-value-usage.html – Cristian Matthias Ambæk Dec 16 '18 at 00:34

1 Answers1

0

It seems you can't set umask for a directory, see this analogous Q&A.

Let's read man umask to see what your options are:

DESCRIPTION

umask() sets the calling process's file mode creation mask (umask) to mask & 0777 (i.e., only the file permission bits of mask are used), and returns the previous value of the mask.

The umask is used by open(2), mkdir(2), and other system calls that create files to modify the permissions placed on newly created files or directories. Specifically, permissions in the umask are turned off from the mode argument to open(2) and mkdir(2).

Alternatively, if the parent directory has a default ACL (see acl(5)), the umask is ignored, the default ACL is inherited, the permission bits are set based on the inherited ACL, and permission bits absent in the mode argument are turned off. For example, the following default ACL is equivalent to a umask of 022:

u::rwx,g::r-x,o::r-x

Combining the effect of this default ACL with a mode argument of 0666 (rw-rw-rw-), the resulting file permissions would be 0644 (rw-r--r--).

I would say you have three options here:

  1. Leave umask alone and periodically run a script that sets the wanted permissions for files and directories.
  2. Run umask 027 when you are creating files or directories in that particular location - this will affect the current process. Run umask 022 when you are done.

  3. Enable and use ACLs. Since you tagged this question setfacl, you are probably already contemplating this method:

    setfacl -Rdm u::rwx,g::r-x,o::--- .
touch a
mkdir b

    Run ls -al and getfacl * to see the results:

    -rw-r-----  a
drwxr-x---+ b

# file: a
user::rw-
group::r--
other::---

# file: b
user::rwx
group::r-x
other::---
default:user::rwx
default:group::r-x
default:other::---

Note: Default permissions don't differentiate based on file extensions: if you want .sh, .cmd and .bat to have 750 and other files 640, your best option is 1. above.

simlev
  • 1,105
  • 3
  • 14
  • 22
  • umask can be used for files and directories – Cristian Matthias Ambæk Nov 19 '18 at 10:46
  • @CristianMatthiasAmbæk Thank you for your comment. Please expand on this information, since by reading man it looks like umask affects the parent process and not a specific file or directory. – simlev Nov 19 '18 at 11:01
  • check this link https://www.cyberciti.biz/tips/understanding-linux-unix-umask-value-usage.html read this section "Explain Octal umask Mode 022 And 002" go change umask to something else than 002 such as 004, create a file and folder before and after the change and see permissions between them not being the same for both file and directory. umask has always been used to setup default permissions for both files and folder for aslong as i have worked with it. – Cristian Matthias Ambæk Dec 16 '18 at 00:31
  • @CristianMatthiasAmbæk It is apparent from the info you posted that umask affects permissions for files and folders created from the current process. The question was about setting default permissions on a directory that any process (e.g. a different user) would respect. – simlev Dec 20 '18 at 11:35