# set the default permissions for new files / folders?

## KarlisRepsons

How to make newly created directories have permissions drwxrwx--T by default?

----------

## ziggysquatch

globally it's in /etc/profile.  per user it's in ~/.bash_profile.

If using bash that is.

Change the following to your liking in /etc/profile:

```
umask 022
```

----------

## KarlisRepsons

That would be nice and neat, but umask seems not to support sticky bit (at least like chmod does), which is why I am asking...

----------

## energyman76b

fstab, umask option?

----------

## ziggysquatch

my bad, I read it too fast and didn't even see the sticky bit.  As far as I've read you can't do it with umask and most people just use chmod in the profile or some script at startup. bummer.

----------

## KarlisRepsons

 :Sad: 

What the hell?? I can't believe I really have to chmod EVERY new object in filesystem!! What, I have to set up inotify watch and call chmod automatically? Seems like a stupid solution.

----------

## energyman76b

fstab add umask

----------

## KarlisRepsons

energyman, it is intended to be set on per-user basis. You meant some filesystem mounting options? I'd like you to explain some more...

```
umask 1777
bash: umask: 1777: octal number out of range
```

by the way.

----------

## energyman76b

'per user basis' so it should only set with some user not the other?

I am sure pam can do that for you - but I don't know how...  :Wink: 

----------

## widremann

Just need to ask why you feel the need to set the sticky bit on every new file?

----------

## KarlisRepsons

Not file, directory for some folders shared between multiple users!

Add: so what is the reason behind umask apparently not supporting sticky bit? Am I really alone who needs it?

----------

## widremann

 *KarlisRepsons wrote:*   

> Not file, directory for some folders shared between multiple users!
> 
> Add: so what is the reason behind umask apparently not supporting sticky bit? Am I really alone who needs it?

 

So it's only certain folders?  Why not just set those manually?

Alternatively, you could just use ACLs (aka, the right way).

----------

## KarlisRepsons

> you could just use ACLs

What do you mean?

----------

## McLink

Partial and rather hacky solution:

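```
# .bashrc

# Create the directories, then set the sticky bit on each of them.
# "command" bypasses the alias below, so re-sourcing .bashrc cannot recurse.
function _my_mkdir ()
{
  command mkdir "$@"
  chmod +t "$@"
}

# Same idea for files created with touch.
function _my_touch ()
{
  command touch "$@"
  chmod +t "$@"
}

# Route interactive mkdir/touch calls through the wrappers.
alias mkdir='_my_mkdir'
alias touch='_my_touch'
```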

Just make sure not to call mkdir or touch with any flags.

Alternatively, roll your own version of bash with support for sticky-bits in the umask. You'll break POSIX compatibility, so it isn't recommended for production boxen, but it's possible nonetheless - and probably not even that difficult to do.

Ah, the wonders of open source.

----------
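
An added example, not part of the original posts: umask can only clear bits from the mode a program requests, so one way to get drwxrwx--T is to request it when the directory is created. The helper names `mkshared`, `is_sticky` and `sticky_report` are made up for illustration, and the sketch assumes a POSIX shell and a mkdir that accepts `-m`.

```sh
# Added example, not code from the thread; all function names are hypothetical.

# mkdir(1) requests mode 0777 unless told otherwise, and the umask only
# removes bits from that request, so the sticky bit (01000) has to be
# asked for explicitly at creation time.

# Create each directory as drwxrwx--T (1770), independent of the umask.
# Quoting "$@" keeps names with spaces intact; "--" ends option parsing.
mkshared() {
  for _d in "$@"; do
    mkdir -m 1770 -- "$_d" || return 1
  done
}

# Succeed if the sticky bit is set on the path.
is_sticky() {
  [ -k "$1" ]
}

# Show that the bit is per-directory: a plain mkdir inside a sticky
# directory produces a child without it.
sticky_report() {
  base=$(mktemp -d) || return 1
  mkshared "$base/shared" || return 1
  ( umask 007; mkdir "$base/shared/child" ) || return 1
  for p in "$base/shared" "$base/shared/child"; do
    if is_sticky "$p"; then echo "sticky"; else echo "plain"; fi
  done
  rm -rf -- "$base"
}
```
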

## widremann

 *KarlisRepsons wrote:*   

> > you could just use ACLs
> 
> What do you mean?

 

man 5 acl

You will have to enable them for your filesystem.  ext3 has them under Extended Attributes.

They allow you to set per-user access to files and directories as well as default access for new files and directories.

----------
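
An added example, not part of the original posts, of the default ACLs mentioned above: entries set with `setfacl -d` are copied onto files and subdirectories created later, in place of the umask. `share_dir` and `inherited_modes` are hypothetical names; the sketch assumes the acl tools are installed, GNU stat, and a filesystem with ACL support enabled.

```sh
# Added example, not code from the thread; function names are hypothetical.

# Give a group rwx on a directory and make that the default for
# everything created inside it later.
share_dir() {
  dir=$1 group=$2
  mkdir -p -- "$dir" || return 1
  chmod 770 -- "$dir" || return 1
  # Access ACL: applies to the directory itself.
  setfacl -m "g:$group:rwx" -- "$dir" || return 1
  # Default ACL (-d): inherited by new files and subdirectories.
  setfacl -d -m "g:$group:rwx" -- "$dir" || return 1
}

# Create a file and a subdirectory under a restrictive umask and print
# their octal modes. With a default ACL on the parent the umask is not
# applied, so the group keeps its access (660 for the file, 770 for
# the subdirectory).
inherited_modes() {
  dir=$1
  ( umask 077; touch "$dir/file"; mkdir "$dir/sub" ) || return 1
  stat -c '%a' -- "$dir/file" "$dir/sub" | tr '\n' ' '
}
```

The group argument may be a name or a numeric GID, for example `share_dir /srv/shared "$(id -g)"` with a path of your choosing.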

## KarlisRepsons

Interesting, is it possible to hide the existence of some particular files or somehow similar? 

Linux default access control can be tuned to forbid directory listings, but it will show the existence of file, if its name is guessed.

----------

## widremann

 *KarlisRepsons wrote:*   

> Interesting, is it possible to hide the existence of some particular files or somehow similar? 
> 
> Linux default access control can be tuned to forbid directory listings, but it will show the existence of file, if its name is guessed.

 

Just disable access to the directory altogether.  That's really the only thing that makes sense semantically.  That's because the names of the files in a directory are stored in the directory itself.  You can't selectively hide entries in the directory.  Either you can access the whole directory file, or you can't.

Of course, if you want to write a filesystem that lets you do this, go right ahead  :Wink: .  It would be cool, to say the least.

----------

## KarlisRepsons

Thank you for the explanation. Perhaps it doesn't take writing a new filesystem, but it is not a clean solution then.

----------

## KarlisRepsons

Anyway, here this is written:

As for POSIX ACLs, although they are a substantial improvement, many restrictions remain:

    * More fine-grained permissions would be useful. For directories, the write permission includes the rights to add and remove files.

So is there any sticky bit analog for Linux which also supports being in the default permissions, or not?

----------

## widremann

 *KarlisRepsons wrote:*   

> Anyway, here this is written:
> 
> As for POSIX ACLs, although they are a substantial improvement, many restrictions remain:
> 
>     * More fine-grained permissions would be useful. For directories, the write permission includes the rights to add and remove files.
> ...

 

I think not, actually.  At first I thought ACLs would solve this problem, but upon further thought, it looks like you are right.

You could patch the system call table and have mkdir() set the sticky bit automatically when creating new directories in a certain place, but I think Linus would probably come at you with a butcher knife if you did that.

----------

## KarlisRepsons

Well, here I am. I admit, it would further complicate things, if default sticky bit is used for long, but at this time I saw it useful.

Even if those settings I am looking for are a bit complicated and can result in a hard-to-manage directory tree, it still seems useful for me.

Not to end this here with almost nothing, maybe someone has an idea who should be asked to consider changes to support "default sticky bit"?

----------

## desultory

Moved from Off the Wall to Networking & Security.

----------

## cwr

I doubt anyone would be interested in such a change: mkdir is pretty old, and the requirement hasn't come up before. The best bet would be to find out which tools or libraries are accessing umask, and alter and recompile the tools themselves. mkdir itself would be a start.

Will

----------

## KarlisRepsons

OH MY GOD, the river flows backwards: my post gets out of "Off the Wall"!

----------

## timeBandit

It happens from time to time.  :Wink: 

----------

