Set permissions for future folders and files


You are asking that whenever you create a file or directory, it will automatically be assigned default permissions set by you.

umask 000 #put it in .bashrc file
  • umask is inverse of chmod.
  • chmod is used to give permissions.
  • umask is used to revoke permissions.

umask 000 means you are giving future files 666 and directories 777 permissions.

By default 022 is assigned, which means chmod 755.
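
The following is an added example, not part of the original answer: it creates a file and a directory under several umask values (including the 027 and 077 that the `login.defs` comments quoted further down suggest) and reports the resulting modes, flagging world-writable results. The function names are hypothetical and `stat -c` assumes GNU coreutils; the last line shows that a umask is a per-process setting inherited by child processes.

```shell
#!/bin/sh
# Added example: measure the mode a new file or directory gets under a umask.
# Function names are hypothetical; `stat -c` assumes GNU coreutils (Linux).

# mode_for UMASK KIND  -> prints the octal mode of a newly created file|dir.
# Runs in a subshell, so the caller's own umask is left untouched.
mode_for() (
    tmp=$(mktemp -d) || exit 1
    umask "$1"
    case "$2" in
        file) : > "$tmp/new" ;;        # creation requests 0666, minus umask bits
        dir)  mkdir "$tmp/new" ;;      # creation requests 0777, minus umask bits
        *)    rm -rf "$tmp"; exit 2 ;;
    esac
    mode=$(stat -c '%a' "$tmp/new")
    rm -rf "$tmp"
    printf '%s\n' "$mode"
)

# is_world_writable MODE -> succeeds if the "other" write bit is set.
is_world_writable() {
    [ $(( 0$1 & 0002 )) -ne 0 ]
}

# child_umask UMASK -> prints the umask seen by a child process.
child_umask() (
    umask "$1"
    sh -c 'umask'
)

for m in 000 002 022 027 077; do
    f=$(mode_for "$m" file)
    d=$(mode_for "$m" dir)
    note=""
    if is_world_writable "$d"; then note="  <- writable by every local user"; fi
    printf 'umask %s: file %s, dir %s%s\n' "$m" "$f" "$d" "$note"
done
printf 'child of a umask-027 process sees: %s\n' "$(child_umask 027)"
```
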


Author: giogix

Updated on September 18, 2022

Comments

  • giogix
    giogix almost 2 years

    I have some trouble managing permits in a folder and relative sub folders.

    • I am working on ubuntu 14.04.
    • I have a software which periodically creates new folders and files inside of a main folder.

    For example, I have the main folder /media/Folder and the software creates the folder /media/Folder/First_Folder. When it creates the new folder, this one has no permits to write for the group and for other users. Here is the output of the ls -al command: drwxr-xr-x. The software also creates other folders inside of the previous one, for example /media/Folder/First_Folder/Second_Folder1, /media/Folder/First_Folder/Second_Folder2, and so on.

    I need to have full permits in all the subfolders and files, also the newly generated ones. I tried changing the permits recursively with the command: sudo chmod 777 -R /media/Folder but when new folders are created those have no permits again. After this I tried modifying the ACLs but I'm not really confident with these. Here's my getfacl screen:

    file: Folder/
    # owner: ubuntu
    # group: ubuntu
    # user::rwx
    group::rwx
    other::rwx
    

    As you can see, my owner and group are ubuntu:ubuntu. Then I try to change the ACL using the command:

    sudo setfacl -Rdm g:ubuntu:rwx /media/Folder/
    

    and now the screen becomes this:

    # file: Folder/
    # owner: ubuntu
    # group: ubuntu
    user::rwx
    group::rwx
    other::rwx
    default:user::rwx
    default:group::rwx
    default:group:ubuntu:rwx
    default:mask::rwx
    default:other::rwx
    

    which looks good. But if I create a new folder inside of it, the getfacl screen is:

    # file: Folder//First_Folder
    # owner: ubuntu
    # group: ubuntu
    user::rwx
    group::r-x
    group:ubuntu:rwx
    mask::rwx
    other::r-x
    default:user::rwx
    default:group::rwx
    default:group:ubuntu:rwx
    default:mask::rwx
    default:other::rwx
    

    As you can see, lines 5 and 8 miss the write permit. How can I always have all permits? I mean also for the future folders and files.

    PS: I also tried launching the commands: sudo setfacl -Rdm o::rwx /media/Sources/Previsioni/ and sudo setfacl -Rdm g::rwx /media/Sources/Previsioni/.

    Here's my etc/fstab:

    # /etc/fstab: static file system information.
    #
    # Use 'blkid' to print the universally unique identifier for a
    # device; this may be used with UUID= as a more robust way to name devices
    # that works even if disks are added and removed. See fstab(5).
    #
    # <file system> <mount point>   <type>  <options>       <dump>  <pass>
    # / was on /dev/sda1 during installation
    UUID=9deb0e4a-b93e-4cc6-8bda-c41f5e9244c7 /               ext4    errors=remount-ro 0       1
    # swap was on /dev/sda5 during installation
    UUID=88be1282-e36e-49d4-820a-d05345addf5d none            swap    sw              0       0
    /dev/fd0        /media/floppy0  auto    rw,user,noauto,exec,utf8 0       0
    
    //master/Triple_RDF  /media/Folder cifs credentials=/home/ubuntu/.smbcredentials 0  0
    

    Here's my login.defs content:

    # /etc/login.defs - Configuration control definitions for the login package.
    #
    # Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
    # If unspecified, some arbitrary (and possibly incorrect) value will
    # be assumed.  All other items are optional - if not specified then
    # the described action or option will be inhibited.
    #
    # Comment lines (lines beginning with "#") and blank lines are ignored.
    #
    # Modified for Linux.  --marekm
    
    # REQUIRED for useradd/userdel/usermod
    #   Directory where mailboxes reside, _or_ name of file, relative to the
    #   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
    #   MAIL_DIR takes precedence.
    #
    #   Essentially:
    #      - MAIL_DIR defines the location of users mail spool files
    #        (for mbox use) by appending the username to MAIL_DIR as defined
    #        below.
    #      - MAIL_FILE defines the location of the users mail spool files as the
    #        fully-qualified filename obtained by prepending the user home
    #        directory before $MAIL_FILE
    #
    # NOTE: This is no more used for setting up users MAIL environment variable
    #       which is, starting from shadow 4.0.12-1 in Debian, entirely the
    #       job of the pam_mail PAM modules
    #       See default PAM configuration files provided for
    #       login, su, etc.
    #
    # This is a temporary situation: setting these variables will soon
    # move to /etc/default/useradd and the variables will then be
    # no more supported
    MAIL_DIR        /var/mail
    #MAIL_FILE      .mail
    
    #
    # Enable logging and display of /var/log/faillog login failure info.
    # This option conflicts with the pam_tally PAM module.
    #
    FAILLOG_ENAB        yes
    
    #
    # Enable display of unknown usernames when login failures are recorded.
    #
    # WARNING: Unknown usernames may become world readable. 
    # See #290803 and #298773 for details about how this could become a security
    # concern
    LOG_UNKFAIL_ENAB    no
    
    #
    # Enable logging of successful logins
    #
    LOG_OK_LOGINS       no
    
    #
    # Enable "syslog" logging of su activity - in addition to sulog file logging.
    # SYSLOG_SG_ENAB does the same for newgrp and sg.
    #
    SYSLOG_SU_ENAB      yes
    SYSLOG_SG_ENAB      yes
    
    #
    # If defined, all su activity is logged to this file.
    #
    #SULOG_FILE /var/log/sulog
    
    #
    # If defined, file which maps tty line to TERM environment parameter.
    # Each line of the file is in a format something like "vt100  tty01".
    #
    #TTYTYPE_FILE   /etc/ttytype
    
    #
    # If defined, login failures will be logged here in a utmp format
    # last, when invoked as lastb, will read /var/log/btmp, so...
    #
    FTMP_FILE   /var/log/btmp
    
    #
    # If defined, the command name to display when running "su -".  For
    # example, if this is defined as "su" then a "ps" will display the
    # command is "-su".  If not defined, then "ps" would display the
    # name of the shell actually being run, e.g. something like "-sh".
    #
    SU_NAME     su
    
    #
    # If defined, file which inhibits all the usual chatter during the login
    # sequence.  If a full pathname, then hushed mode will be enabled if the
    # user's name or shell are found in the file.  If not a full pathname, then
    # hushed mode will be enabled if the file exists in the user's home directory.
    #
    HUSHLOGIN_FILE  .hushlogin
    #HUSHLOGIN_FILE /etc/hushlogins
    
    #
    # *REQUIRED*  The default PATH settings, for superuser and normal users.
    #
    # (they are minimal, add the rest in the shell startup files)
    ENV_SUPATH  PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
    ENV_PATH    PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
    
    #
    # Terminal permissions
    #
    #   TTYGROUP    Login tty will be assigned this group ownership.
    #   TTYPERM     Login tty will be set to this permission.
    #
    # If you have a "write" program which is "setgid" to a special group
    # which owns the terminals, define TTYGROUP to the group number and
    # TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
    # TTYPERM to either 622 or 600.
    #
    # In Debian /usr/bin/bsd-write or similar programs are setgid tty
    # However, the default and recommended value for TTYPERM is still 0600
    # to not allow anyone to write to anyone else console or terminal
    
    # Users can still allow other people to write them by issuing 
    # the "mesg y" command.
    
    TTYGROUP    tty
    TTYPERM     0600
    
    #
    # Login configuration initializations:
    #
    #   ERASECHAR   Terminal ERASE character ('\010' = backspace).
    #   KILLCHAR    Terminal KILL character ('\025' = CTRL/U).
    #   UMASK       Default "umask" value.
    #
    # The ERASECHAR and KILLCHAR are used only on System V machines.
    # 
    # UMASK is the default umask value for pam_umask and is used by
    # useradd and newusers to set the mode of the new home directories.
    # 022 is the "historical" value in Debian for UMASK
    # 027, or even 077, could be considered better for privacy
    # There is no One True Answer here : each sysadmin must make up his/her
    # mind.
    #
    # If USERGROUPS_ENAB is set to "yes", that will modify this UMASK default value
    # for private user groups, i. e. the uid is the same as gid, and username is
    # the same as the primary group name: for these, the user permissions will be
    # used as group permissions, e. g. 022 will become 002.
    #
    # Prefix these values with "0" to get octal, "0x" to get hexadecimal.
    #
    ERASECHAR   0177
    KILLCHAR    025
    UMASK       000
    
    #
    # Password aging controls:
    #
    #   PASS_MAX_DAYS   Maximum number of days a password may be used.
    #   PASS_MIN_DAYS   Minimum number of days allowed between password changes.
    #   PASS_WARN_AGE   Number of days warning given before a password expires.
    #
    PASS_MAX_DAYS   99999
    PASS_MIN_DAYS   0
    PASS_WARN_AGE   7
    
    #
    # Min/max values for automatic uid selection in useradd
    #
    UID_MIN          1000
    UID_MAX         60000
    # System accounts
    #SYS_UID_MIN          100
    #SYS_UID_MAX          999
    
    #
    # Min/max values for automatic gid selection in groupadd
    #
    GID_MIN          1000
    GID_MAX         60000
    # System accounts
    #SYS_GID_MIN          100
    #SYS_GID_MAX          999
    
    #
    # Max number of login retries if password is bad. This will most likely be
    # overriden by PAM, since the default pam_unix module has it's own built
    # in of 3 retries. However, this is a safe fallback in case you are using
    # an authentication module that does not enforce PAM_MAXTRIES.
    #
    LOGIN_RETRIES       5
    
    #
    # Max time in seconds for login
    #
    LOGIN_TIMEOUT       60
    
    #
    # Which fields may be changed by regular users using chfn - use
    # any combination of letters "frwh" (full name, room number, work
    # phone, home phone).  If not defined, no changes are allowed.
    # For backward compatibility, "yes" = "rwh" and "no" = "frwh".
    # 
    CHFN_RESTRICT       rwh
    
    #
    # Should login be allowed if we can't cd to the home directory?
    # Default in no.
    #
    DEFAULT_HOME    yes
    
    #
    # If defined, this command is run when removing a user.
    # It should remove any at/cron/print jobs etc. owned by
    # the user to be removed (passed as the first argument).
    #
    #USERDEL_CMD    /usr/sbin/userdel_local
    
    #
    # Enable setting of the umask group bits to be the same as owner bits
    # (examples: 022 -> 002, 077 -> 007) for non-root users, if the uid is
    # the same as gid, and username is the same as the primary group name.
    #
    # If set to yes, userdel will remove the user´s group if it contains no
    # more members, and useradd will create by default a group with the name
    # of the user.
    #
    USERGROUPS_ENAB yes
    
    #
    # Instead of the real user shell, the program specified by this parameter
    # will be launched, although its visible name (argv[0]) will be the shell's.
    # The program may do whatever it wants (logging, additional authentification,
    # banner, ...) before running the actual shell.
    #
    # FAKE_SHELL /bin/fakeshell
    
    #
    # If defined, either full pathname of a file containing device names or
    # a ":" delimited list of device names.  Root logins will be allowed only
    # upon these devices.
    #
    # This variable is used by login and su.
    #
    #CONSOLE    /etc/consoles
    #CONSOLE    console:tty01:tty02:tty03:tty04
    
    #
    # List of groups to add to the user's supplementary group set
    # when logging in on the console (as determined by the CONSOLE
    # setting).  Default is none.
    #
    # Use with caution - it is possible for users to gain permanent
    # access to these groups, even when not logged in on the console.
    # How to do it is left as an exercise for the reader...
    #
    # This variable is used by login and su.
    #
    #CONSOLE_GROUPS     floppy:audio:cdrom
    
    #
    # If set to "yes", new passwords will be encrypted using the MD5-based
    # algorithm compatible with the one used by recent releases of FreeBSD.
    # It supports passwords of unlimited length and longer salt strings.
    # Set to "no" if you need to copy encrypted passwords to other systems
    # which don't understand the new algorithm.  Default is "no".
    #
    # This variable is deprecated. You should use ENCRYPT_METHOD.
    #
    #MD5_CRYPT_ENAB no
    
    #
    # If set to MD5 , MD5-based algorithm will be used for encrypting password
    # If set to SHA256, SHA256-based algorithm will be used for encrypting password
    # If set to SHA512, SHA512-based algorithm will be used for encrypting password
    # If set to DES, DES-based algorithm will be used for encrypting password (default)
    # Overrides the MD5_CRYPT_ENAB option
    #
    # Note: It is recommended to use a value consistent with
    # the PAM modules configuration.
    #
    ENCRYPT_METHOD SHA512
    
    #
    # Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
    #
    # Define the number of SHA rounds.
    # With a lot of rounds, it is more difficult to brute forcing the password.
    # But note also that it more CPU resources will be needed to authenticate
    # users.
    #
    # If not specified, the libc will choose the default number of rounds (5000).
    # The values must be inside the 1000-999999999 range.
    # If only one of the MIN or MAX values is set, then this value will be used.
    # If MIN > MAX, the highest value will be used.
    #
    # SHA_CRYPT_MIN_ROUNDS 5000
    # SHA_CRYPT_MAX_ROUNDS 5000
    
    ################# OBSOLETED BY PAM ##############
    #                       #
    # These options are now handled by PAM. Please  #
    # edit the appropriate file in /etc/pam.d/ to   #
    # enable the equivelants of them.
    #
    ###############
    
    #MOTD_FILE
    #DIALUPS_CHECK_ENAB
    #LASTLOG_ENAB
    #MAIL_CHECK_ENAB
    #OBSCURE_CHECKS_ENAB
    #PORTTIME_CHECKS_ENAB
    #SU_WHEEL_ONLY
    #CRACKLIB_DICTPATH
    #PASS_CHANGE_TRIES
    #PASS_ALWAYS_WARN
    #ENVIRON_FILE
    #NOLOGINS_FILE
    #ISSUE_FILE
    #PASS_MIN_LEN
    #PASS_MAX_LEN
    #ULIMIT
    #ENV_HZ
    #CHFN_AUTH
    #CHSH_AUTH
    #FAIL_DELAY
    
    ################# OBSOLETED #######################
    #                         #
    # These options are no more handled by shadow.    #
    #                                                 #
    # Shadow utilities will display a warning if they #
    # still appear.                                   #
    #                                                 #
    ###################################################
    
    # CLOSE_SESSIONS
    # LOGIN_STRING
    # NO_PASSWORD_CONSOLE
    # QMAIL_DIR
    
    • giogix
      giogix almost 10 years
      PS: I can't use the command umask because I don't have access to the software which creates folders and files
    • NickTux
      NickTux almost 10 years
      Did you read this? Try to set acl option via grub and test again. Also, I cannot understand your comment about umask. umask should fit here as the best solution, but I cannot understand why you can't use it.
    • NickTux
      NickTux almost 10 years
      Yes, but I cannot see the acl option at fstab file. Although I think it's set by default, but I'm not absolutely sure.
  • Dishank Jindal
    Dishank Jindal almost 10 years
    No, tell me what permission you want for your future file or directories.
  • Andrew
    Andrew almost 10 years
    You can set system-wide umask with /etc/login.def (must be enabled via pam.d). Individual user profiles will still override this setting, as needed.
  • giogix
    giogix almost 10 years
    Dishank, right now I want full permission for user, group and others (everybody). I know it's not the best thing to do, but it is temporary. Nikth, your solution seems good, but in this way am I going to change the default settings for all the folders? What should I write in profile and bashrc to modify the permissions just in the selected folder? ... Andrew, I didn't really understand your comment.
  • Dishank Jindal
    Dishank Jindal almost 10 years
    Go to cat ~/.bashrc. And write umask 777 at the end of the line. The .bashrc file is in the home directory.
  • giogix
    giogix almost 10 years
    Are you sure? Is it not umask 000? I mean, umask is complementary of chmod, right? ... I will do it, but as I told you before, this solution is going to change the default settings of all the folders ... but I wanted to do it just for a folder and relative sub-folders.
  • Dishank Jindal
    Dishank Jindal almost 10 years
    It will not do that for your existing files and folders. But if you want to change the permission of existing home directory chmod -R 777 ~
  • giogix
    giogix almost 10 years
    OK, I did what you suggested me to do. First I have to say that putting the string umask 000 at the end of the .bashrc file (in my home directory) didn't affect anything. Maybe it's about my Linux version (which is Ubuntu 14.04). I actually found the default umask command inside of the file /etc/login.defs. So I changed the value from 022 to 000. Then I changed the owner of the folder from root to ubuntu with the chmod command (I'm working on a different PC now with respect to the first question). Now when I create a new folder the permits are drwxrwxr-x.
  • giogix
    giogix almost 10 years
    How can I set default writing permits for the other users? I mean, I need to have the following configuration: drwxrwxrwx. Actually I think this is my real problem, I need to have full writing permits for other users, and I don't really care about the group's permits.
  • Dishank Jindal
    Dishank Jindal almost 10 years
    1) To change owner chown user-name file-name. Check the /etc/login.defs again there might be a problem with umask. The permissions have to be all to all users. check it again.
  • giogix
    giogix almost 10 years
    I wrote wrong in my previous comment. I actually used the chown command, and not chmod as I wrote. Anyway, I put my /etc/login.defs content in an answer, because I can't see anything strange in it. I have to say that I found this file because it was written in the /etc/profile one. Could there be another one which also changes this kind of configuration?
  • Dishank Jindal
    Dishank Jindal almost 10 years
    Change the UMASK to umask, maybe that's the problem.