[TriLUG] Re: fedora core 3 permissions
Aaron S. Joyner
aaron at joyner.ws
Fri Mar 25 11:51:00 EST 2005

Lance A. Brown wrote:
>Merle Watts wrote:
>
>>currently I am just creating text files in the html folder to see it is working. After creating the file it doesn't have the proper permissions
>
>If SELINUX is disabled, you should only need to make the file mode 644 and
>directories mode 755 for things to work right...
>
>--[Lance]

This isn't entirely true. When you create a file in most any UNIX
system, its initial permissions and ownership are defined by two things
- your umask, your username, and your primary group. The umask defines
the permissions - it is essentially a bitmask of permissions that the
file *won't* get by default. All files will be owned by your effective
username (1), and they will be owned by your primary group (2). Things
are handled in this manner such that by default, you're not giving away
permissions to things you don't intend to. If your only goal is for
Apache to be able to read these files and serve them up, you can set the
last bit of your umask to 2, something like 022 should be a sufficient
setting. This basically says, when I create a file, make the
permissions 755, which means rwx by me, and rx by my primary group, and
everyone else. Apache, regardless of the group ownership of the file,
will fall into the permissions category of "Other", and be able to read
and execute. If that doesn't do the trick for you, post back and we'll
see about further fine-tuning your problem.

You can change your uname with the uname command, I'd recommend checking
your shell startup scripts as the command is likely already run for you
somewhere along the line. Also, don't forget to `rm -rf /` the file
system afterwards, in order to retroactively force the changes. This
should ensure that your umask changes are applied universally. (3)

You can of course use the suggestion by James to set the sticky bit on
the directory, so that all files will have their group set to the group
of the parent directory, but then you'll need to do that for all
subsequently created directories as well - not a solution I would
personally recommend.

Aaron S. Joyner

1) Unless you're doing very unusual things.
2) This can be changed with newgrp, but that's probably not how you want
to handle this case
3) This included to make Jason happy. If you run the command without
reading the man page, please contact my legal representation, Jason
Tower. :)
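
Added example (not part of the original message): the umask behaviour discussed above, shown by creating a file and a directory under several umasks and reading back the resulting modes, plus a check for entries that a process in the "Other" category cannot read. A new regular file is requested with mode 666 and a new directory with 777, and the umask bits are cleared from that request. The function names mode_with_umask and unreadable_by_other are made up for this sketch, and it assumes GNU stat and find.

```shell
#!/bin/sh
# Added example. Assumes GNU coreutils/findutils (stat -c, find -perm).

# Print the octal mode a new file or directory gets under a given umask.
# Runs in a subshell so the caller's own umask is left untouched.
mode_with_umask() {   # usage: mode_with_umask <umask> <file|dir>
    (
        umask "$1"
        tmp=$(mktemp -d) || exit 1
        if [ "$2" = dir ]; then
            mkdir "$tmp/new"     # mkdir requests 777, umask bits are cleared
        else
            : > "$tmp/new"       # redirection requests 666, umask bits are cleared
        fi
        stat -c %a "$tmp/new"
        rm -rf "$tmp"
    )
}

# List what a process in the "other" class cannot use under a directory:
# regular files without o+r, directories without o+rx.
unreadable_by_other() {   # usage: unreadable_by_other <dir>
    find "$1" \( -type f ! -perm -o=r \) -o \( -type d ! -perm -o=rx \)
}

# Demo on constructed input: a scratch directory standing in for a docroot.
for m in 022 027 077; do
    printf 'umask %s: file=%s dir=%s\n' "$m" \
        "$(mode_with_umask "$m" file)" "$(mode_with_umask "$m" dir)"
done
docroot=$(mktemp -d) && chmod 755 "$docroot"
( umask 022; : > "$docroot/index.html" )
( umask 077; : > "$docroot/draft.html" )
echo "not readable by other:"; unreadable_by_other "$docroot"
rm -rf "$docroot"
```

Pointing unreadable_by_other at the real html folder lists exactly the files that need a chmod before Apache can serve them.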