I am trying to create a file in the /tmp directory (working on a Linux UBUNTU 7.10), that has read/write/execute access for any user. So I am using the "open(fileName,O_CREAT|O_RDWR,0777)" function to create the file (from a C program) in user1 account and I would like user2 to be able to write to the specific file. However, when i check the /tmp directory (with ls -l) I see that I do not have the write access permission for user2 (considering the fact that user1 created it, I have write access for user1, but user2, who is considered to be "others" does not have any access). I have tried to use mode 0766 in the open function (and such combinations of 7 and 6 for modes), so that I may get write access for user2, but I still don't have the required access.
views:
1122answers:
5You have to set your umask to 000. The bits on the umask are removed from the permission you have chosen, and the default umask is usually 022 or 002.
Note that things like default ACLs and SELinux labels might also affect the readability and writability of files. Use getfacl to see ACLs and ls -Z to see SELinux labels; for SELinux, you also have to know which policies are active and what effect they have. The presence of ACLs can also be seen on ls -l as a + character after the permissions.
FWIW, it's a security risk to create anything in /tmp (or /var/tmp, etc.) with a fixed name. A symlink can be setup in /tmp with the same name pointing to anything, and your program will destroy the target file if the user running your program has permissions to do so.
Things created programmatically in /tmp should be given random names, but it's best not to use that directory at all unless your whole system is secure (no potentially malicious users).
As CesarB noted, Unix unsets the bits that are set in the process's umask, so to get complete access, you would have to unset umask - temporarily.
mode_t oldmask = umask(0);
fd = open(...);
oldmask = umask(oldmask);
assert(oldmask == 0);
(OK; you don't have to do the assertion; it won't fire.)
As Pistos noted, creating files in /tmp is a fraught process. If you think the file should not be there yet, add O_EXCL to prevent following symlinks to unexpected places.
One final point - why would you be making the file executable? I think you should be aiming for just 666 permission, not 777 or 766. You most certainly should not execute a program that others can change at any time (so the owner should not have execute permission on a file others can write to), and the members of the group probably wouldn't really appreciate the generosity either. Other may, perhaps, get what they deserve if they execute the file - but it still isn't nice.
The only thing you can do is to chmod the file after create it:
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
int main() {
creat("/tmp/foo", 0);
chmod("/tmp/foo", 0666);
}
Anyway is not safe to have this kind of files.
I'm assuming you're trying to perform some IPC. Have you concidered using some other means to achive this like using dbus or som other system designed for this purpose?