1

In a script, should I create a file first and then, use CHMOD to assign permissions (Example- first using TOUCH command to create a file and then, using CHMOD to edit permissions on that file) "OR" should I mask permissions using UMASK as I create a file ? Also, please explain what are the pros and cons of choosing one over another ?

Note: This file doesn't need to be executed.

sulabh chaturvedi
  • 3,608
  • 3
  • 13
  • 25

3 Answers3

4

As with most things, it depends on far more information than you've given :-)

However, it's usually a good idea to do things in a closed manner then open them up, rather than the other way around. This is basic "Security 101".

For example, let's say you're creating a file for the user and the user has foolishly selected a umask of zero (effectively all files created will have full permissions for everyone).

In that case, the file is fully open for anyone to change between the creation and chmod stage and, while you can minimise this time, you cannot really remove it totally.

For the truly paranoid among us, it would be better to actually create the file in as closed a manner as possible (probably just rw for owner), do whatever you have to do to create the content of that file, then use chmod to open it up to whatever state it needs to be, something like:

( umask 177 ; create_file myfile.txt ; chmod 644 myfile.txt )
paxdiablo
  • 854,327
  • 234
  • 1,573
  • 1,953
0

Briefly saying - it doesn't matter. And in most cases approach depends on your needing.

If you need the same file permissions over whole your script logic, I would prefer to setup it in the beginning of the script and just create file rather than create and run chmod command. However you can set file permissions at once at the end of script running chmod 0XXX -R /path/to/folder

Alex Kapustin
  • 1,869
  • 12
  • 15
0

You should always have UMASK for specific user as you don't want to be dealing with setting permissions every-time you or an application create a file. You can further protect/release any specific files if you want using CHMOD (these cases will be very rare). Unless the file you are creating needs to be protected/accessed specifically, you should have a UMASK working for it's permissions.

  • Create a separate user and specified directory for the application that is running the script.
  • set it's appropriate UMASK.
  • Specify extra permissions if you need it
Manish Batra
  • 102
  • 6
  • 1
    Why can't I just use CHMOD to do this i.e. instead of using UMASK + CHMOD, just use CHMOD? This is all done in script, so, this ain't going to be repetitive, right ? – sulabh chaturvedi Oct 29 '17 at 07:28
  • Brother as I said, it will depend on your file whether you should use chmod or not. Regardless of that, you should always have a UMASK setup fir the user you're running that script with. You'll also need to create many other scripts and files so UMASK would only help – Manish Batra Oct 29 '17 at 07:38