Home / ubuntu / Questions / 186747
In Process
Just me
Asked: 2012-09-12 14:04:19 +0800 CST

Why does umask 077 not allow the user to execute files/directories?

  • 772

I'm using umask 077 ."Other" and "group" do not have any rights, but the user can't execute files/directories. Why does umask 077 not allow the owner to execute files/directories?

umask

2 Answers

  1. When you use a umask of 077 only the user has read, write and execute permissions. The user definitely will be able to open ('execute') directories (see more on why directories have to be executable in my answer here). However, files must always be made executable by entering chmod u+x myfile; they are never automatically executable. Some more useful information on umask is given in this answer:

    The likely possibility for your problems is that you have perhaps entered the value slightly incorrectly, which has resulted in a different umask, or that the value has not been permanently set. If you enter umask 077 in the terminal it will only hold good for that session of the terminal; to make it permanent for your user simply add umask 077 to your ~/.profile. The system default setting for umask is in /etc/login.defs; it used to be in /etc/profile. See also the manpage for pam_umask, which is a pam module that handles the assignment of umask.

    The following examples are from a successful setting of umask 077:

    1) For folder creation: mkdir doc checked with stat doc gave the correct permissions and an 'executable' folder:

    File: `doc'
  Size: 4096        Blocks: 8          IO Block: 4096   directory
Device: 801h/2049d  Inode: 6425268     Links: 2
Access: (0700/drwx------)  Uid: ( 1000/    mike)   Gid: ( 1000/    mike)
Access: 2012-09-12 11:33:01.236675420 +0100
Modify: 2012-09-12 11:33:01.236675420 +0100
Change: 2012-09-12 11:33:01.236675420 +0100
 Birth: -

    2) For file creation: touch new checked with stat new gave the correct permissions; the file is only made executable when you use chmod +x:

    File: `new'
  Size: 0           Blocks: 0          IO Block: 4096   regular empty file
Device: 801h/2049d  Inode: 6303902     Links: 1
Access: (0600/-rw-------)  Uid: ( 1000/    mike)   Gid: ( 1000/    mike)
Access: 2012-09-12 11:34:58.272676270 +0100
Modify: 2012-09-12 11:34:58.272676270 +0100
Change: 2012-09-12 11:34:58.272676270 +0100

    A umask of 077 will give the permissions shown, but if you still have problems with permissions after setting umask 077 properly (as discussed further above) we can look into it further.

    • 7

  2. The umask value will be used to appropriately modify the default fmask for file permissions (base permission 0666) and dmask for directory/folder permissions (base permission 0777).

    The effective fmask and dmask values will be calculated by deducting the umask value (Octal calculations).

    So a umask 0022 would result in fmask to get a value 0644 (i.e. 0666 - 0022) while dmask would be 0755 (i.e. 0777 - 0022).

    The umask 0077 prevent files from being created with any access not only to the world (indicated by the ultimate octal digit) but also your group members (indicated by the penultimate octal digit).

    Reference:

    • 7