File Access and Creation

Recall from the previous module that access to each file is governed by a set of permission mode bits. There are three types of permissions, read, write and execute, and three categories of access, user, group, and other. Additionally, the sticky, suid, and sgid special mode bits modify certain aspects of file permissions.

File Mode Creation Mask (umask)

When a file is created by a process, the process specifies a file mode to create that file with. Many programs use permissive mode values of 0666 (“rw-rw-rw”) for regular files, and 0777 (“rwxrwxrwx”) for directories by default.

A file mode creation mask, called the umask, is then applied over the specified mode, which removes permissions specified in the umask. For example, a typical umask value is 0022 (“----w--w-”), which removes write permissions for the group and other access categories. Another typical value is 0077 (“---rwxrwx”) which removes all permissions for the group and other access categories.

The file mode creation mask is a property of the process itself, and is inherited from its parent process. A shell script can view or set its umask value with the umask utility, which affects how future files and directories are created, such as with the shell’s redirection operators, or other file system management utilities.

Note

There is a general expectation that utilities do not create files with less restrictive access modes than those which they inherit from their parent processes. Utilities which violate this expectation should be well-documented to do so.

Example

$ umask 0022
$ touch testfile
$ stat -c '%A' testfile
-rw-r--r--
$ rm testfile
$ umask 0077
$ touch testfile
$ stat -c '%A' testfile
-rw-------

A user may also use the chmod utility to modify the mode of an existing file.

Tip

Compared to creating a file and then changing its mode with chmod, changing the umask first with umask, and then creating the file avoids a race condition where the file temporarily exists with an undesired mode.
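
The following script is an added example, not part of the original page. It predicts the mode a new file receives as "requested mode AND NOT umask", then creates a file under that umask and compares the result. The function names effective_mode, create_with_umask and demo are hypothetical, and the script assumes the GNU stat used in the example above.

```shell
#!/bin/sh
# Added example: predict and verify the mode a new file receives under a umask.

# Mode left after the mask is applied: requested AND NOT umask.
# Both arguments must be octal with a leading 0 (e.g. 0666 0022).
effective_mode() {
    printf '%o\n' "$(( $1 & ~$2 ))"
}

# Create a file under the given umask and print its actual mode.
# The function body is wrapped in ( ), so it runs in a subshell and
# the umask change does not leak into the calling shell.
# The file never exists with a wider mode, so no chmod race occurs.
create_with_umask() (
    umask "$1"
    : > "$2"              # shell redirection requests mode 0666
    stat -c '%a' "$2"
)

# Compare prediction and result for a few masks (paths are constructed).
demo() {
    dir=$(mktemp -d) || return 1
    before=$(umask)
    for mask in 0022 0077 0027; do
        want=$(effective_mode 0666 "$mask")
        got=$(create_with_umask "$mask" "$dir/file.$mask")
        echo "umask $mask: predicted $want, created $got"
    done
    echo "caller umask before: $before, after: $(umask)"
    rm -rf "$dir"
}

demo
```

Wrapping the umask change in a subshell keeps the stricter mask scoped to the one file that needs it, so later commands in the same script still run with the inherited umask.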

Group Selection

Each user has a username, a primary group, and a list of additional secondary group memberships. The primary group is typically a group with the same name as that user, and of which they are the only member. Secondary groups are used to manage access to privileged resources; for example, the secondary group sound is often used to manage access to sound card resources, or the group video manages access to displays.

A running process has one user and one primary group associated with it; in the case of an interactive shell, this would typically be the currently logged in user and their primary group. The newgrp utility can be used to change the shell’s primary group to another group that user is also a member of. This affects which group ownership is applied to newly created files.

$ groups  # list available groups
bennyb audio
$ id -ng  # list primary group
bennyb
$ touch testfile
$ stat -c '%G' testfile  # list testfile group ownership
bennyb
$ rm testfile
$ newgrp audio  # change primary group to audio
$ id -ng  # confirm primary group
audio
$ touch testfile
$ stat -c '%G' testfile  # list testfile group ownership
audio

A user may also use the chgrp utility to modify the group ownership of an existing file.

Tip

Compared to creating a file and then changing its group ownership with chgrp, changing the shell’s primary group with newgrp and then creating a file avoids a race condition where the file temporarily exists with an undesired group ownership.