Making two Unix permissions mistakes in one
Today's state of work-brain:
umask 077 /tmp/fred
Immediately after these two commands, I hit cursor-up to change the
umask' to '
chmod', so that I then ran '
chmod 077 /tmp/fred'.
Fortunately I was doing this as a regular user, so my next action
exposed my error.
This whole sequence of commands is a set of mistakes jumbled together
in a very Unix way. My goal was to create a new
that was only accessible to me. My second command is not just wrong
because I wanted
chmod instead of
umask (I should have run
umask before the
mkdir, not after), but because I had the wrong
set of permissions for
chmod. It was as if my brain wanted Unix
to apply a '
umask 077' to the creation of
/tmp/fred after the
fact. Since the numeric permissions you give to
umask are the
inverse of the permissions you give to
chmod (you tell
what you don't want instead of what you do), my change of
chmod then left
/tmp/fred with completely wrong permissions;
instead of being only accessible to me, it was fully accessible to
everyone except me.
(Had I been doing this as root, I would then have been able to
into the directory, put files in it, access files in it, and so on,
and might not have noticed that the permissions were reversed from
what I actually wanted.)
The traditional Unix
umask itself is a very Unix command (well,
shell built-in), in that it more or less directly calls
This allows a very simple implementation, which was a priority in
early Unixes like V7. A more sensible implementation would be that
you specify effectively the maximum permissions that you want (for
example, that things can be '755') and then
umask would invert
this to get the value it uses for
umask(). But early Unixes took
the direct approach, counting on people to remember the inversion
and perform it in their heads.
In the process of writing this entry I learned that POSIX
supports symbolic modes, and that they work this way. You get and
set umask modes like '
u=rwx,g=rx,o=rx' (aka '022', the traditional
friendly Unix umask), and they're the same permissions as you would
chmod. I believe that this symbolic mode is supported
by any modern Bourne compatible shell (including
zsh), but it
isn't necessarily supported by non-Bourne shells such as
rc (which is my shell).