Cfxtrjtrk

For some obvious reasons I need to set umask value for one specific folder. How can one do that?

Thanks beforehand!

UPDATE 1

The reason I need to use umask for a specific folder is following. I have a web application and when it creates some file the default permission is 700. But I need at least 755 permission for that file. I think I could explain the problem more clearly now.

you could use setfacl

setfacl -d -m group:name:rwx /path/to/your/dir

Where name is the group name

To find which groups you or a specific user belong see In unix/linux how do you find out what group a given user is in via command line?

You cannot set umask per directory, it's a process-level value. If you need to prevent others from reading files in a directory, revoke the corresponding permissions bits.

For example, if you've a directory /home/user/directory with some files and directories which can get permissions like 777 from a process, set the permission bits of /home/user/directory to something like 700. That will make it impossible for other users (excluding the superuser root) to descend in /home/user/directory.

I'm paranoid and set the permissions on /home/user to 750, so only I can read, write and descend in my home directory. This has as consequence that folders like /home/user/Public cannot be accessed by others, but I can live with that.

Per update of your question: still, you cannot control that in the filesystem (other than using a different filesystem type like FAT which is strongly discougared), you need to do that in your webapp. If your webapp is coded in PHP, you can change the umask on the fly using the umask function:

<?php

umask(0022);

// other code

?>

You could put this in a configuration file, like the file containing the database connection password (thinking in apps like Wordpress).

Remember that it's a process value, some webservers allow you to set it in their configuration files, otherwise you could modify the startup scripts to set the desired umask. Remember that permissions like 755 and 644 are quite dangerous for webapps, if the code is sensitive, everyone can read it.

To change permissions for a folder use chmod. umask is for files.

Set umask to what you need by

umask xxx

and change back when your done

umask 022

Another solution might be to just set the group id on files created in the directory, which makes the new files owned by the directory group id, instead of the group id of the user that created the files. So I think you could just do:

chown www-data:www-data /my/folder

chmod 4755 /my/folder

This sets the setgid special file permission, which would cause all files created in /my/folder to be owned by the www-data group, which has then has rx (5) permission because of the parent directory.

Related, but maybe not applicable in this case, the following clip is from .zshrc:

# Change the umask automatically for some directories; use 0022 as the default

chpwd () {

    case $PWD in

        $HOME/[Dd]ocuments*)

            if [[ $(umask) -ne 077 ]]; then

                umask 0077

                echo -e "33[01;32mumask: private 33[m"

            fi;;

        */[Ww]eb*)

            if [[ $(umask) -ne 072 ]]; then

                umask 0072

                echo -e "33[01;33mumask: other readable 33[m"

            fi;;

        /vol/nothing)

            if [[ $(umask) -ne 002 ]]; then

                umask 0002

                echo -e "33[01;35mumask: group writable 33[m"

            fi;;

        *)

            if [[ $(umask) -ne 022 ]]; then

                umask 0022

                echo -e "33[01;31mumask: world readable 33[m"

            fi;;

    esac

}

So for interactive use, something like that would work (but, obviously, not to provide security).