shellylh Posted May 2, 2013 Report Posted May 2, 2013 The default umask setting when I save anything on the unix system at work (via samba) is that everyone can read it. This is totally stupid and I have talked to the chair about this but nobody wants to change it. I know that one can change this setting for the whole system in the smb.conf file. Is there a way that I can change the default for me when I login. I have already changed the default setting when things are created when I am logged in via ssh but can't figure out how to do it when copying files from my computer. Most of the files I save are grades and letters of recommendations and things like that and I don't want to risk forgetting to change the umask settings and having them readable by others on the server.
Nebby Posted May 2, 2013 Report Posted May 2, 2013 (edited) You set it via your .login file within your home directory (~/.login) To modify it for your shells you change the respective profile file: Korn / Bourne shell: ~/.profile C shells: ~/.cshrc file Bash shell: ~/.bash_profile Edited May 2, 2013 by Nebby
Dusty Chalk Posted May 2, 2013 Report Posted May 2, 2013 The command is actually umask, and it's the reverse of what you want to set it to, so if you want to make it completely private to you ('owner'), it's umask 077, and if you want to allow others to read but not write, it's umask 022. link And then you set up the command to execute when you first log in as Ben said.
shellylh Posted May 2, 2013 Author Report Posted May 2, 2013 (edited) I already have have umask 077 in my .cshrc file. That doesn't do anything when I login via the samba server (meaning mount the folder on my mac via "Connect to Server" smb:serveripaddress). There must be some way to tell the samba server to copy my files as unreadable by groups and others. Edit #1: Oh, nevermind, you are saying to put it in the .login file as well. I'll try that. Edit #2: I put it in the .login file and it still copies and creates new files as readable by all. Edit #3: I think I figured out the problem. I think the permissions on my mac allow reading by others and it is copying those permission. Edited May 2, 2013 by shellylh
Dusty Chalk Posted May 2, 2013 Report Posted May 2, 2013 Sounds right -- you need to see if there's a way to change the default permissions on your mac when you create a file.
shellylh Posted May 2, 2013 Author Report Posted May 2, 2013 Yes, I do. I don't like the default permission being readable by "everyone" (although presumably this is just me and my admin account - again me since I don't have any guest account or other accounts). Still, I don't know why Mac would set this as their default. Maybe a Mac person could help me out here.
Nebby Posted May 2, 2013 Report Posted May 2, 2013 (edited) Not a Mac user, but I found this link: http://support.apple.com/kb/ht2202 Umask for user applications In Mac OS X v10.5.3 and later, you can create the file /etc/launchd-user.conf with the contents "umask nnn". Do not include the quotation marks and replace nnn with the desired umask value, such as 027 or 002. This will set the user's umask for all applications they launch, such as Finder, TextEdit, or Final Cut Pro, and control the permissions set on new files created by any of these applications. Note: If you are using OS X Lion, you should update to OS X Lion v10.7.4 or later. Files and folders created in the Finder will then respect the user umask. They also list the default umasks in the article: For example, the default umask of 022 results in permissions of 644 on new files and 755 on new folders: groups and other users can read the files and traverse the folders, but only the owner can make changes. Edited May 2, 2013 by Nebby
shellylh Posted May 2, 2013 Author Report Posted May 2, 2013 That almost works. However, when I create a directory with the "New Folder" command on Mac, it still creates a directory with permissions: drwx--x--x. If I create a file with, say TextMate, it creates a file where only I have permission to rw. Weird. I put umask 077 in the file /etc/launchd-user.conf If I create a folder on Mac, only I can open it now, and when I copy it over, it is fine. However, if I create a new folder directly into a folder on the server, others can execute it.
grawk Posted May 2, 2013 Report Posted May 2, 2013 Executable folders probably aren't a problem, and I'd guess its an artifact of the windows origin. With execute, they can cd into it but can't list the contents.
Nebby Posted May 2, 2013 Report Posted May 2, 2013 (edited) Can you create a folder from within TextMate? That Mac article listed a method to apply umask to system processes (I'm guessing the New Folder command falls under that), but warned that since it applies it at the system level you can break things if you're not careful. Umask for system processes In Mac OS X v10.4 and later, create the file /etc/launchd.conf with the contents "umask nnn". Do not include the quotation marks and replace nnn with the desired umask value, such as 027 or 002.This will set the umask for all processes. Changing this value is strongly discouraged because it changes the permissions on files used by the system software. If the permissions are too restrictive, dependent software may not work. If the permissions are too open, they may introduce security issues. As Grawk said though, execute only allows them to cd into it. Edited May 2, 2013 by Nebby
Dusty Chalk Posted May 3, 2013 Report Posted May 3, 2013 Just to be clear, 'x' on directories has an entirely different meaning than it does on files. Sent frum mah phone-blet using Tapatalk.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now