Use umask 002 for more security.
Authored by: crispyking on Jan 14, '04 01:48:15PM

Instead of a umask of 0 (which permits everything), it might be better to use a umask of 002 (which permits write to user and group) and use 10.3's new group scheme (where each user has a unique group -- as described in the previous comment "The 10.3 default is more secure").

If you use a default umask of 002, you'll still get all the benefit of users being able to share and write to each other's shared files, but users still get to protect their own files from public access.

To do this: create a new shared group (e.g. "snert") in NetInfo, and add the appropriate users to the group. Create a shared folder for that group and change its group ownership to "snert".

Any files created in the shared folder will be created with group "snert" (files inherit the parent folder's group) and since the umask is 002, they will be created writeable by anyone in group "snert".

Files in their home directory will be created with their default group (which is their unique group of the same name as their userid), and will only be accessible by themselves (even though they are group writeable).

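The following shell script is an added example, not part of the comment above. It creates a scratch file and directory under umask 0 and 002 (with 022 for comparison) and reports the resulting modes; the helper names `mode_of`, `created_mode`, `world_writable` and `group_writable` are made up for this example.

```shell
#!/bin/sh
# Added example: which permission bits does each umask leave on new files?

# Print the octal permission bits of a path (GNU stat, else BSD/macOS stat).
mode_of() {
    stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"
}

# created_mode UMASK KIND: mode of a fresh file (f) or directory (d).
# Runs in a subshell so the caller's umask is left untouched.
created_mode() {
    (
        tmp=$(mktemp -d) || exit 1
        umask "$1"
        if [ "$2" = d ]; then mkdir "$tmp/new"; else : > "$tmp/new"; fi
        mode_of "$tmp/new"
        rm -rf "$tmp"
    )
}

# Succeed if the octal mode has the other-write / group-write bit set.
world_writable() { [ $(( 0$1 & 0002 )) -ne 0 ]; }
group_writable() { [ $(( 0$1 & 0020 )) -ne 0 ]; }

# Print one row per umask: resulting file mode, directory mode, write access.
report() {
    printf '%-6s %-5s %-5s %s\n' umask file dir notes
    for u in 000 002 022; do
        f=$(created_mode "$u" f)
        d=$(created_mode "$u" d)
        notes=
        group_writable "$f" && notes="group-writable"
        world_writable "$f" && notes="$notes world-writable"
        printf '%-6s %-5s %-5s %s\n' "$u" "$f" "$d" "${notes:-owner-only write}"
    done
}

report
```

A umask of 002 clears only the other-write bit: new files come out as 664, so they remain readable by other users unless the permissions of an enclosing directory prevent it.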