How to set umask for a specific folder

permissions umask

For some obvious reasons I need to set umask value for one specific folder. How can one do that?

Thanks beforehand!

UPDATE 1

The reason I need to use umask for a specific folder is following. I have a web application and when it creates some file the default permission is 700. But I need at least 755 permission for that file. I think I could explain the problem more clearly now.


Solution 1:

you could use setfacl

setfacl -d -m group:name:rwx /path/to/your/dir

Where name is the group name

To find which groups you or a specific user belong see In unix/linux how do you find out what group a given user is in via command line?

Solution 2:

You cannot set umask per directory, it's a process-level value. If you need to prevent others from reading files in a directory, revoke the corresponding permissions bits.

For example, if you've a directory /home/user/directory with some files and directories which can get permissions like 777 from a process, set the permission bits of /home/user/directory to something like 700. That will make it impossible for other users (excluding the superuser root) to descend in /home/user/directory.

I'm paranoid and set the permissions on /home/user to 750, so only I can read, write and descend in my home directory. This has as consequence that folders like /home/user/Public cannot be accessed by others, but I can live with that.

Per update of your question: still, you cannot control that in the filesystem (other than using a different filesystem type like FAT which is strongly discougared), you need to do that in your webapp. If your webapp is coded in PHP, you can change the umask on the fly using the umask function:

<?php
umask(0022);
// other code
?>

You could put this in a configuration file, like the file containing the database connection password (thinking in apps like Wordpress).

Remember that it's a process value, some webservers allow you to set it in their configuration files, otherwise you could modify the startup scripts to set the desired umask. Remember that permissions like 755 and 644 are quite dangerous for webapps, if the code is sensitive, everyone can read it.

Related

Why can't I copy a 5G file?
How does one find out the command line corresponding to GUI app (eg, LibreOffice Writer)?
Where are chromium extensions located?
VirtualBox fails to start machine after installing extensions
setlocale: LC_CTYPE: cannot change locale (UTF-8) [closed]
Convert .JPG or .PNG to .ICO using terminal and back
Where is the VLC logfile for errors?
How can I open a file when I do not know what command opens it? [duplicate]
How do I rotate my display when not using an X Server?
Installing Wine 1.5: configure: error: Cannot build a 32-bit program, you need to install 32-bit development libraries
How can I install OpenMP in Ubuntu?
Where to find geckodriver needed by Selenium Python package?