So I know umask can deny privileges using this format: umask ugo. I understand that read = 4, write = 2, and exec = 1. However, when I type umask, it returns 4 digits, which is 0022 or 0073. I don't understand how this works now, because there is an extra digit. What is that extra digit, and what does 0022 mean?

A: 

A common umask value is 022 (masking out the write permission for the group and others), which ensures that new files are only writable for the owner (i.e. the user who created them).

$ umask -S
# for 0022 this results in u=rwx,g=rx,o=rx

More about umask can be found here

bioffe
A: 

The first 0 in 0022 means it's in octal; the following digits can be decoded like:

0022 is ---r--r-- and 0073 is ---rwx-wx

Dan D
I think 0022 results in -rw-r--r--
bioffe
The answer is slightly incorrect :( -- It's the fact that it's a *digit* (any digit) which makes it read as an octal. That is a "0" for the "special permissions" flag. 022 and 0022 are synonymous because the first 0 is the "default" of the shorter form. One can set a umask of 7000 (still read as octal) if they so desire.
pst
Close, but that's not what the leading 0 means here — `umask 22` is interpreted the same way, since `umask` always treats numeric arguments as octal. It is also possible to give symbolic arguments, e.g. `umask u=rwx,go=rx`. [… and pst beat me to the punch.]
ephemient
+2  A: 

Assume the default mask of 0666. umask 0022 would make the new mask 0644 (0666-0022=0644) meaning that group and others have read (no write or execute) permissions.

The "extra" digit (the first number = 0), specifies that there are no special modes.

If mode begins with a digit, it will be interpreted as octal; otherwise it's meant to be symbolic.

0 is a digit, as is 1 (for sticky bit) or 6 (for SGID). A command such as chmod can be called by other methods, such as "chmod ug+rw mydir" where you would add the read and write permissions to user and group. Note that the mode in this case (ug+rw) does not begin with a digit, thus would not be interpreted as octal but rather symbolic.

See en.wikipedia.org/wiki/Chmod#Symbolic_examples for symbolics as well as www.lifeaftercoffee.com/2007/03/20/special-permission-modes-in-linux-and-unix/ for a bit on special modes.

I don't know that you would unmask the first bit with umask, but technically you could. It would explain why you almost always see it as a zero.

pinkfloydx33
+1 Welcome to SO and nice answer. Never realized special-modes could be restricted in a umask. It often helps to incorporate links into answers: [umask man-page](http://ss64.com/bash/umask.html) -- but no discussion of special permissions.
pst
Updated my answer to reflect my original response to your comment.
pinkfloydx33
From my limited testing, you can't unmask the first bit. `umask: 7777: octal number out of range`
@user470379 OS/shell/version?
pst
@pst Red Hat 4.1.2-46, bash 3.2.39
BTW, shouldn't all those 6s be 7s? umask of 0022 would make the new mask 0755, meaning that group/other have read/execute permissions?
+2  A: 

The first digit of the mask deals with special permissions that don't fit quite so cleanly into the owner/group/other model. When four digits are provided for a file permission, the first refers to those special values:

4000 = SUID
2000 = SGID
1000 = sticky bit

The SUID bit, short for set-user-ID, causes an executable program to run with the effective user id (uid) of the owner -- in other words, no matter who executes it, the program executes with the owner's rights. This is commonly seen in programs that do things that require root privileges but are meant to be run by normal users: passwd is one such example.

The SGID bit, short for set-group-ID, is very similar, but runs with the effective group id (gid) of the owner.

The sticky bit is a little more complicated; if you want more information on that, you can read the manpage for sticky.

These bits can also be used with directories, but their meanings change.

I don't believe you can actually set the umask to allow you to enable any of these extra bits by default -- but you probably would never want to do that anyways.
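
The arithmetic discussed in the answers above, as an added example that is not part of the original thread: a umask is applied as a bit mask (requested mode AND NOT umask), so it can only clear permission bits and never set them, which differs from octal subtraction for masks such as 0073. The function names `apply_mask` and `created_perms` are illustrative, and the script assumes a POSIX shell with `mktemp` available.

```shell
#!/bin/sh
# Added example (not from the thread): a umask clears bits, it does not subtract.

# apply_mask REQUESTED UMASK: print REQUESTED & ~UMASK as 4-digit octal.
# Both arguments are octal strings; the 0 prefixed here forces octal parsing.
apply_mask() {
    printf '%04o\n' "$(( 0$1 & ~0$2 & 07777 ))"
}

# created_perms UMASK KIND: create a file (or a directory if KIND=dir) under
# UMASK inside a throwaway directory and print its permission string as ls
# shows it. The body runs in a subshell, so the caller's umask is untouched.
created_perms() (
    tmp=$(mktemp -d) || exit 1
    umask "$1"
    if [ "$2" = dir ]; then
        mkdir "$tmp/new"      # mkdir requests mode 0777
    else
        : > "$tmp/new"        # shell redirection requests mode 0666
    fi
    perms=$(ls -ld "$tmp/new" | cut -c1-10)
    rm -rf "$tmp"
    printf '%s\n' "$perms"
)

# Compare the computed mode with what the system actually creates.
# For umask 0073, masking gives 0604 for a file; subtraction would give 0573.
for m in 0022 0073; do
    printf 'umask %s: file %s (%s)  dir %s (%s)\n' "$m" \
        "$(apply_mask 0666 "$m")" "$(created_perms "$m" file)" \
        "$(apply_mask 0777 "$m")" "$(created_perms "$m" dir)"
done
```

Regular files come out without execute bits because the creating program asks for 0666, not because of the umask; directories are requested with 0777 and so keep execute (search) where the mask allows it.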