I have a directory that has the following permissions set:
drwxr-s---. user group folder
On the desktop, I access this folder and right click to create a new file call foo.txt
. Then using the terminal, I created another file using the command $ touch bar.txt
.
When I check the permissions for these files, I have:
-rw-r--r--. user group foo.txt
-rw-rw-r--. user group bar.txt
I was expecting -rw-r-----. user group
. How did the extra write permission for group and read permission for others come about?
Best Answer
setguid
There are 2 forces here at work. The first is the setgid bit that's enabled on the folder,
folder
.That's the
s
in the pack of characters at the beginning of this line. They're grouped thusly:The
r-s
means that any files or directories created inside this folder will have the group automatically set to the groupgroup
.That's what caused the files
foo.txt
andbar.txt
to be created like so:permissions & umask
The permissions you're seeing are another matter. These are governed by the settings for your
umask
. You can see what yourumask
is set to with the commandumask
:NOTE: these bits are also called "mode" bits.
It's a mask so it will disable any of the bits related to permissions which are enabled. In this example the only bit I want off is the write permissions for other.
The representation of the "bits" in this command are in decimal form. So a 2 equates to 010 in binary form, which is the write bit. A 4 (100) would mean you want read disabled. A 7 (111) means you want read/write/execute all disabled. Building it up from here:
Would disable the read/write/execute bits for other users.
So then what about your files?
Well the
umask
governs the permissions that will get set when a new file is created. So if we had the followingumask
set:And started touching new files, we'd see them created like so:
If we changed it to something else, say this:
It won't have any impact on files that we've already created though. See here:
So then what's going on with the file browser?
The
umask
is what I'd called a "soft" setting. It is by no means absolute and can be by-passed fairly easily in Unix in a number of ways. Many of the tools take switches which allow you to specify the permissions as part of their operation.Take
mkdir
for example:With the
-m
switch we can overrideumask
. Thetouch
command doesn't have this facility so you have to get creative. See this U&L Q&A titled: Can files be created with permissions set on the command line? for just such methods.Other ways? Just override
umask
. The file browser is most likely either doing this or just completely ignoring theumask
and laying down the file using whatever permissions it's configured to do as.