[SunHELP] question about umask to allow execute on a file.

Phil Stracchino alaric at caerllewys.net
Mon Jan 31 18:53:42 CST 2005

On Mon, Jan 31, 2005 at 03:02:50PM -0500, Grindell, Joan M. wrote:
> A user asked me how to setup his account so that the default permissions
> were 755.  Well I tried different permissions and found that for files I
> could never set the execute bit on a file using a umask 022 gave me 644 not
> 755.  
> Does anyone know of a way to set the default so the it allows setting the
> execute bit on a file.

OK, first, there are a few things you need to understand about umask,
the most important of which is that it is permissive, not prescriptive.

Let's start with a basic review of Unix file permissions.  Disregarding
for the moment sticky and setuid/setgid bits, a file's mode is shown by
nine bits, three octal digits, one octal digit each for user, group and
other.  The three bits representing each digit represent, in left to
right order, read, write and execute permissions.  Thus the permissions
part of the file mode is structured like this:

         user    group   other
read       4       4       4
write      2       2       2
execute    1       1       1

The umask does not control which of these bits WILL be applied
automatically to a newly created file.  It controls which bits MAY be
automatically applied -- or, more correctly, which may not.  That said,
when a Unix command results in the creation of a file, that file does
not automatically get given all the permission bits it is possible for
it to get.  In particular, as a safety measure, the execute bit is
normally never set by default unless the application creating the file
specifically sets it (gcc, for instance).

So, if your umask is 022, which forbids group and other write bits to be
set, and you use gcc to compile foo.c to produce an executable foo, foo
will normally end up with the permissions 755.  However, if you simply
create a file using an editor (or cp, cat or touch), even though you may
intend that file to be an executable shell script, Unix doesn't know
that, and so by default the file will be created with mode 644.  Setting
umask 022 *allows* files to be automatically assigned permission modes
up to 755; but it does not *require* that files be created with all of
those permission bits set.

The long and the short of it is, you can use umask to *permit* execute
bits to be set on a newly created file, but there's no way to force Unix
to do so automatically; if you want a new file to be executable, you
must set the execute bits yourself.  (Unless of course, as in the gcc
example cited above, the program creating the file explicitly specifies
that it be created with execute permissions.)

  ========== Fight Back!  It may not be just YOUR life at risk. ==========
  alaric at caerllewys.net : phil-stracchino at earthlink.net : phil at novylen.net
   phil stracchino : unix ronin : renaissance man : mystic zen biker geek
     2000 CBR929RR, 1991 VFR750F3 (foully murdered), 1986 VF500F (sold)
           Linux Now!  ...Friends don't let friends use Microsoft.

More information about the SunHELP mailing list