Kbase 21738: UNIX umask and Progress Installation on UNIX Platforms
Author: Progress Software Corporation - Progress
Access: Public
Published: 2/1/2002
SUMMARY:
This Knowledge Base Solution discusses the important topic of file security, a feature of UNIX and the shell. Two UNIX commands affect the accessibility of a file: umask and chmod. The umask command, which allows control of file and directory access, should always be considered when Progress file permissions appear to be incorrectly set.
EXPLANATION:
By setting permissions, you can allow others to read, write or execute files you've created. To check these permission settings, use the long form of the list command (ls -l) which will display the accessibility of any file or directory.
There are three levels of security:
a) what the owner of the file can do,
b) what his or her related group can do, and
c) what the world can do.
The table below shows the different levels or modes. Within each of these three security levels, a file can be set to be or not be readable (r) by that level, writable (w) by that level, or executable (x) by that level.
File permissions are established in binary:
Numeric   Permission                               Character representation
0         no permissions                           ---
1         execute permission only                  --x
2         write permission only                    -w-
3         write(2) + execute(1) permissions        -wx
4         read only permission                     r--
5         read(4) + execute(1)                     r-x
6         read(4) + write(2)                       rw-
7         read(4) + write(2) + execute(1)          rwx
SOLUTION:
Whenever Progress file permissions appear to be set incorrectly, check umask settings. The umask command sets up the default security for any file or directory created. Without the execute bit, directories cannot be searched. The umask command tells the operating system which permissions to exclude when creating a new file or directory. This command is executed at login time by one of:
/etc/profile,
$HOME/.profile,
$HOME/.cshrc,
$HOME/.login.
On most UNIX operating systems the umask default is 022, which says to omit write permission for the user's group and the world. This setting lets anyone read your files or directories, but no one can write to or over them.
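The effect of umask on newly created files and directories, as an added example that is not part of the original Knowledge Base article. It assumes the usual UNIX behaviour that programs request mode 666 for new files and 777 for new directories; the helper names effective_mode and created_perms are hypothetical.

```sh
#!/bin/sh
# Added example (not from the Knowledge Base article).
# Helper names effective_mode and created_perms are hypothetical.

# effective_mode BASE UMASK
# Prints BASE with every bit named in UMASK cleared, as three octal digits.
# Programs normally request 666 for new files and 777 for new directories.
effective_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# created_perms UMASK
# Creates a file and a directory under UMASK in a scratch directory and
# prints their "ls -l" permission strings. Runs in a subshell so the
# caller's umask is left unchanged.
created_perms() {
    (
        tmp=$(mktemp -d) || exit 1
        trap 'rm -rf "$tmp"' EXIT
        umask "$1"
        : > "$tmp/file"
        mkdir "$tmp/dir"
        f=$(ls -ld "$tmp/file" | cut -c1-10)
        d=$(ls -ld "$tmp/dir" | cut -c1-10)
        echo "$f $d"
    )
}

# Compare the predicted modes with what the system actually creates.
for mask in 022 027 077; do
    echo "umask $mask: file $(effective_mode 666 "$mask")," \
         "dir $(effective_mode 777 "$mask") -> $(created_perms "$mask")"
done
```

Under the default 022 the directory keeps its execute bit for group and world, so it stays searchable; under 077 only the owner can read, write or search anything created.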