setting umask for a directory so that all directories, executable file(.sh , .cmd, .bat) are 750 and regular file 640

by

need to create and change existing file and directory such that all directories and executable files(*.sh, *.bat, *.cmd ..) are 750 and regular file are 640 . I need to this in shell and python both.

I like to set umask to 027 while default is 022 for existing directory …. can’t change default umask. Basically need to set umask directory specific

Answer

It seems you can’t set umask for a directory, see this analogous Q&A.

Let’s read man umask to see what your options are:

DESCRIPTION

umask() sets the calling process’s file mode creation mask (umask) to mask & 0777 (i.e., only the file permission bits of mask
are used), and returns the previous value of the mask.

The umask is used by open(2), mkdir(2), and other system calls that create files to modify the permissions placed on newly
created files or directories. Specifically, permissions in the umask
are turned off from the mode
argument to open(2) and mkdir(2).

Alternatively, if the parent directory has a default ACL (see acl(5)), the umask is ignored, the default ACL is inherited, the
permission bits are set based on the inherited ACL, and permission
bits absent in the mode argument are turned off. For example, the following default ACL is equivalent to a umask of 022:

u::rwx,g::r-x,o::r-x

Combining the effect of this default ACL with a mode argument of 0666 (rw-rw-rw-), the resulting file permissions would be 0644
(rw-r–r–).

I would say you have three options here:

  1. Leave umask alone and periodically run a script that sets the wanted permissions for files and directories.
  2. Run umask 027 when you are creating files or directories in that particular location – this will affect the current process. Run umask 022 when you are done.

  3. Enable and use ACLs. Since you tagged this question setfacl, you are probably already contemplating this method:

    setfacl -Rdm u::rwx,g::r-x,o::--- .
touch a
mkdir b

    Run ls -al and getfacl * to see the results:

    -rw-r-----  a
drwxr-x---+ b

# file: a
user::rw-
group::r--
other::---

# file: b
user::rwx
group::r-x
other::---
default:user::rwx
default:group::r-x
default:other::---

Note: Default permissions don’t differentiate based on file extensions: if you want .sh, .cmd and .bat to have 750 and other files 640, your best option is 1. above.

Attribution
Source : Link , Question Author : user1656899 , Answer Author : simlev

Leave a Comment