Monthly Archives: February 2017

Learn Linux Unix: File permissions & ownership

Basic Linux and Unix fundamentals of file permissions and ownership. Learn what are they and how to set/edit them in different ways.

One of the basic fundamentals while learning Linux or Unix is file permissions and their ownership. One should be clear about what is file ownership is and what its permissions mean. in *nix world, everything is treated as file devices and directories too. Each file has its own owners and permissions. Permission data decides who can do which operations on that file.

Ownership :

Each file has two ownership details attached with it: Owner and group.

The owner is the user (listed in /etc/passwd) who owns that file. He must have created that file or previous owner of file/superuser made him the owner of that file. Owning a file means all owner level permissions are applicable to that user for that particular file.

A group is a group (listed in /etc/group) who has rights on that file. Group-level permissions are applicable to that group. This detail introduced so that a large number of people’s access can be managed for that file with only one set of permissions.

Files owner details can be seen in ls -lrt output under 3rd and 4th column as below :

# ls -lrt
total 0
-rw-r--r-- 1 root    sysadmin 0 Feb  9 10:40 file1
-rw-r--r-- 1 oracle9 dba      0 Feb  9 10:40 file2
-rw-r--r-- 1 user3   apps     0 Feb  9 10:40 file3

In above example,

root, oracle9, and user3 are owners.
sysadmin, dba, and apps are groups.

Sometimes you see numbers instead of the owner or group. Those are orphaned files whose owner or group does not exist on the system.

How to change file ownership :

To change file ownership you have to use change owner (chown) command. The command should be supplied with a new owner and group along with a file name whose ownership needs to be changed.

# ls -lrt
-rw-r--r-- 1 user2 dba 0 Feb  9 10:40 file1
# chown root:sysadmin file1
# ls -lrt
-rw-r--r-- 1 root sysadmin 0 Feb  9 10:40 file1

Observe the example above how it changed owners. To run successful chown command, you must be the current owner of that file or you must be a superuser.

Permissions :

Permissions control how and who access the file and perform operations on it. There are 3 permissions parameters defined in *nix world: read, write, and execute. It has number representation as well.

Read permission denoted by 4 or r
Write permission denoted by 2 or w
Execute permission denoted by 1 or x

If you see, the above example again, the output’s first column is permission details. That is 10 character field which can be decoded as :

File bit
Read bit for owner
Write bit for owner
Execute bit for owner
Read bit for the group
Write a group for group
Execute bit for the group
Read bit for others
Write bit for others
Execute bit for others

File bit denotes the type of file. There are various values you can see here. Few are as below :

d : directory
- : file
l : Symbolic link
b : block device file

The rest are 3 sets of 3 bit each for the owner, group, and others. Others mean any user id which is not the owner or part of the specified group. For example -rw-r--r-- means its a file, which can be read & write by the owner and can only be read by group members, others. -rwxrwxrwx means read, write, and execute permissions to all!

Whenever a file is created, its default permissions are decided by umask value defined in the system.

How to change file permissions :

To change file permission, you need to use chmod command. You have the liberty to specify only one set of permissions (for user or group or others) or all three sets, use of character, or number representation of permissions and owners.

Below are few examples :

# chmod 744 file1      <<Set rwx to owner & read for group, owners
# chmod o+x file1      <<Adds execute permission for others
# chmod u+x,g+x file1  <<Adds execute permission for owner and group
# chmod u-x file1      <<Removes execute permission for owner

How to change directory permissions recursively

Recursively means changing permission of all the files and directories upto depth 1 in directory. To change directory permission recursively you need to use switch -R along with chmod command followed by directory.

For example :

root@kerneltalks # chmod -R 755 /tmp/testdata
root@kerneltalks # ls -lrt /tmp/testdata
total 0
-rwxr-xr-x 1 root    sysadmin 0 Feb  9 10:40 file1
-rwxr-xr-x 1 oracle9 dba      0 Feb  9 10:40 file2
-rwxr-xr-x 1 user3   apps     0 Feb  9 10:40 file3

As you can see in the above output after changing permission recursively, all files within /tmp/testdata directory changed permissions to 755.

How to disable direct root login on Linux & HPUX

Leave a reply

Learn how to disable direct root login to Linux and HPUX servers by altering parameters in SSH configuration files. Its one of the hardening step.

Many of the production / live environments has their server hardened. Once of the server hardening step is to disable direct root login to servers i.e. user can not login to server using root account. User need to login with normal account and then switch to root privilege account. This enables easy tracking when and who used superuser privilege. This adds extra layer of security to system prohibiting hackers trying to login with superuser privilege.

By editing SSH configuration file sshd_config we can disable direct root login. SSH configuration file in Linux located at /etc/ssh/sshd_config whereas in HPUX its at /opt/ssh/etc/sshd_config.

In above mentioned config files you need to check PermitRootLogin parameter :

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6

This parameter defines if direct root access is permitted or not. By default its value is set to yes. This means direct root login is allowed on server. You need to hash out this entry by adding symbol # at the beginning as shown in above example. Once its hashed then SSH daemon ignores this value. Means it wont allow root login on server. This includes all accounts with root privileges i.e. with UID 0. You can even change value to no without hashing entry out and it will still works.

PermitRootLogin no

After hashing out entry you need to bounce SSH daemon sshd to read this new configuration by daemon.

# service sshd restart

OR

# systemctl restart sshd

But restarting sshd will terminate all user’s sessions currently active on server. To avoid this we need to kill it with HUP . HUP option restart sshd without disturbing existing sessions.

# ps -ef |grep -i sshd
    root 25993     1  0  Apr 29  ?        15:28 /opt/ssh/sbin/sshd

# kill -HUP 25993

#  ps -ef |grep -i sshd
    root 29760     1  0 10:43:58 ?         0:00 /opt/ssh/sbin/sshd

You can see new sshd has been spawned when we kill it by HUP signal. And your current logged in users wont observe any disconnections. Now, open new session and try to login with superuser account. It will fail!

6 ways to check Linux kernel version

Leave a reply

Learn how to check the Linux kernel version using the command line. Helpful commands to check your kernel versions, releases, codenames, etc.

This post aims at checking your Linux kernel version using commands. We will be discussing different ways to fetch this data from your system. Below is a list of commands which can be used to get Linux kernel version details.

You can use below 7 ways to gather info about your distribution like kernel version in CentOS, RHEL, SUSE, OEL, Ubuntu, Debian Linux. All the below outputs are from my test machine running CentOS 7.

1. By reading version process file.

This gives you running kernel version.

[root@kerneltalks1 ~]# cat /proc/version
Linux version 3.10.0-693.5.2.el7.x86_64 (builder@kbuilder.dev.centos.org) (gcc version 4.8.5 20150623 (Red Hat 4.8.5-16) (GCC) ) #1 SMP Fri Oct 20 20:32:50 UTC 2017

3.10.0-693.5.2.el7.x86_64 is your current kernel distribution version.

2. By reading Distro release file in /etc

Almost all distributions of Linux come with a release file in /etc which contains the kernel version, release details in it. Its a text file hence cat can be used to read its content.

# cat /etc/enterprise-release OR /etc/oracle-release   ---For OEL
Enterprise Linux Enterprise Linux Server release 5.8 (Carthage)

[root@kerneltalks1 ~]# cat /etc/redhat-release         ---For RHEL/OEL
CentOS Linux release 7.4.1708 (Core)

OR simple use wildcard so that you can list the release file of any distro. All distro keeps diff filenames so using wildcard will be wise. In some distro, you will see /etc/os-release or /etc/system-release files as well. All these files will be covered when using wild cards.

[root@kerneltalks1 ~]# cat /etc/*release
CentOS Linux release 7.4.1708 (Core)
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"

CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"

CentOS Linux release 7.4.1708 (Core)
CentOS Linux release 7.4.1708 (Core)

3. By listing release package

This command works for RPM-based systems like RHEL, SUSE, OEL, CentOS, etc. Search and grep for release which will show you release package. This package name convention includes release number in it.

[root@kerneltalks1 ~]# rpm -qa |grep -i release
centos-release-7-4.1708.el7.centos.x86_64

4. Using `uname` command

This command works on all flavors of Linux. You can use it on RHEL, SUSE, OEL, Debian, Ubuntu, etc.

[root@kerneltalks1 ~]# uname -r
3.10.0-693.5.2.el7.x86_64

This value indicates your current kernel version.

5. Using `lsb_release` command

lsb_release command is provided by redhat-lsb package. You need to install redhat-lsb package in order to use this command on RHEL, CentOS or Fedora systems.

[root@kerneltalks1 ~]# lsb_release -a
LSB Version:    :core-4.1-amd64:core-4.1-noarch:cxx-4.1-amd64:cxx-4.1-noarch:desktop-4.1-amd64:desktop-4.1-noarch:languages-4.1-amd64:languages-4.1-noarch:printing-4.1-amd64:printing-4.1-noarch
Distributor ID: CentOS
Description:    CentOS Linux release 7.4.1708 (Core)
Release:        7.4.1708
Codename:       Core

6. Using `hostnamectl` command

In newer kernels, hostnamectl command is introduced. Using this command without any argument will show you all details about your kernel. You can use it to set your hostname as well.

[root@kerneltalks1 ~]# hostnamectl
   Static hostname: kerneltalks1
         Icon name: computer-vm
           Chassis: vm
        Machine ID: 49688f1b932a41e790254b993d419ccc
           Boot ID: 4777133835544d599a46a53ae4b584e3
    Virtualization: xen
  Operating System: CentOS Linux 7 (Core)
       CPE OS Name: cpe:/o:centos:centos:7
            Kernel: Linux 3.10.0-693.5.2.el7.x86_64
      Architecture: x86-64

How to install EC2 Linux server in AWS with screenshots

Leave a reply

Learn how to install the EC2 Linux server of your favorite distro on the Amazon Web Services cloud platform. Free Linux server for learning and practicing.

Amazon Web Services AWS is one of the cloud platforms which offers various computing facilities online. For a free tier account, there are enough services offered for a normal user who aims for testing or learning new technologies without spending much. You can sign up for a free account (12 months free) here which will require your valid mobile number and credit card information for validation.

In this post, we will be using AWS to install the Linux server which we can use for practice/ hand-on experience at home. One of the other alternatives is to install Vmware on your desktop/laptop and then install Linux in its virtual machine. But this way requires a good hardware configuration of your laptop/desktop. Hosting your Linux on cloud is much easy and it’s not costing you anything for low usage!

AWS offers below a list of distros to install on its EC2 (server computing module) platform.

Redhat
Cent OS
Debian
Fedora
Gentoo
OpenSuse
Suse Linux
Ubuntu
Amazon Linux

You can have a hand on to all these distros within minutes after signing up for your account! Of course, you will be having root administrator access on these systems! Let’s walk through steps to get your Linux server ready in minutes on AWS.

Step 1.

Step 2.

You will be presented with the ‘Quick Launch EC2 Instance’ screen. Here you will be able to launch a wizard to get your task done fast or you can go through Advanced selections to decide your final virtual server config. We will be going with a normal wizard. Click the “Get Started” button here.

Step 3.

Now we will walk through wizard for creating our Linux virtual server.

Name your EC2 instance :

Your EC2 linux virtual server name of your choice.

Select your operating system. We are selecting RedHat here.

Select an instance type.

This is the type of hardware config you will be needing. For free account, you will be able to select those instances only which is tagged with “Free tier eligible”. Here we are selecting default t2.micro instance which has Single core CPU, 1 GB RAM, and 8GB of HDD.

Create a key pair.

This is an important screen. Here you will be given one Private key to download. You will require this key to authenticate yourself while logging into this EC2 Linux server when ready. Give the name of your choice and download the key file and keep it safe.

Create this instance.

Finally hit create button and your server will be ready in 2 minutes. You will see installing screen.

Once complete, click EC2 console link and you will be presented with list of servers under your account.

Step 4.

You can see below the EC2 screen with your server details like instance state, zone, DNS, etc.

Now to connect to this server from your laptop/desktop, you need to use key pair as authentication. Download putty.exe and puttygen.exe from here.

Open puttygen.exe and load your private key which you have downloaded from AWS console in step 2.

Once, successfully loaded you need to click the “Save public key” button and save the key on your desktop/laptop.

Now open putty.exe. Set your saved key file from puttygen (in the above task) as an SSH authentication. In left-hand side pane, expand SSH then select Auth and on the right-hand side, you will be able to browse your file.

Now your putty.exe is ready to connect with your AWS Linux server. Now head back to EC2 console and copy your server’s public DNS.

Use this it, in putty to connect. And you will be able to connect to the server. Once prompted for username use username from the below table as per your distro (official AMI). You won’t be prompted for a password. Your authentication will be done via key pair you configured in putty settings.

Default ssh usernames for famous Linux in EC2

Linux Distro	Username
Ubuntu	ubuntu
Debian	admin
Fedora	fedora
CentOS	centos
RHEL 6.4 & Later	ec2-user
RHEL 6.3 & previous	root
SUSE	root

login as: ec2-user
Authenticating with public key "imported-openssh-key"
[ec2-user@ip-172-31-23-115 ~] $ sudo su -
[root@ip-172-31-23-115 ~] # id 
uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

Once logged in, use sudo su - command and you will be in root account! That’s it, you have an EC2 Linux server with root account in few minutes!

You can install any distro listed above in these instances. Make sure you are not expiring your free usage according to AWS free tier policy otherwise you will be billed on your card. Practice, learn, improve! Have a happy shell!!

How to mount ISO file in Linux?

Leave a reply

Learn how to mount ISO disk image in Linux. ISO image file mounts using a loop device and iso9660 filesystem type enabling users to access data within as a normal mount point.

Many software distributions come on Compact Disc CD media. Since physical CD is difficult to maintain over the course of years, many people prefer to have an ISO image of discs. Also, it’s feasible to use such ISO file quicker on the server where native disc drive is absent. It’s quick to copy ISO file on the server and mount it rather than searching for a USB disk drive, connecting, identifying it on the server, and then using the disc in it.

In this post, we will be seeing how to mount ISO file in Linux to access data in it. It’s a very short procedure of a couple of commands and ISO file’s data will be available to you like any other data mount point.

Step 1.

First, we need to create a mount point directory on which ISO will be mounted. Preferable it should be under /mnt structure.

# mkdir /mnt/iso

Now, copy ISO to the server using FTP or SCP. Let’s say we have copied test.iso in /tmp directory.

Step 2.

Mount ISO file on /mnt/iso mount point using mount command using the loop device. The loop device is a pseudo-device that accesses the file as a block device. Since mount command deals with block devices and not files, we are using a loop option here.

# mount -o loop /tmp/test.iso /mnt/iso
mount: you must specify the filesystem type

Here you can see an error that we haven’t specified file system to mount. Proceed with specifying the iso9660 file system. iso9660 file system uses for CD/DVD ROM file structures.

#  mount -o loop -t iso9660  /tmp/test.iso /mnt/iso

Using the above command with filesystem iso9660 and loop device we successfully mounted ISO file. You can verify it with df command and viewing content of ISO file.

# df -h
Filesystem            Size  Used Avail Use% Mounted on
/tmp/test.iso          82K   82K     0 100% /mnt/iso

# cd /mnt/iso
# ll
total 22
-r-xr-xr-x. 1 root root 12246 Dec 19 13:50 CPU_iowait.xlsx
-r-xr-xr-x. 1 root root  9357 Dec 19 13:53 RAM.xlsx

You can un-mount this ISO with simple unmount command. Unless you unmount it, ISO file will be in use by this mount and throws warnings if you try to work with it.

# unmount /mnt/iso

Its a century! Celebrating 100 posts!

Leave a reply

Here we are on the 100th block! Kerneltalks journey of 4 months reaching a milestone of 100 posts! Crawling web of Linux, Unix & scripts for the goodness of sysadmin!

And here we are!!!! on 100th post!!!!

kerneltalks.com was registered in Oct 2016, to take a journey of kerneltalks.blogspot.com further into wider space. In 3-4 months of the span, KT has grown to 100 posts database of Linux, Unix, and Script related stuff. We have observed 40K pageviews in this period and a continuously growing organic search number!

There were a couple of technology enhancements done to run KT smoothly and give an awesome reading experience to all its readers.

KT started getting feedback, questions from its readers over email. Social branding is one of the aspects KT just started and advancing at a low pace day by day. As of today, KT having 377 fans on its Facebook page, 5 Google+ followers, 15 Twitter followers, 19 Feed readers, and 28 email subscribers. Totaling 444 social followers. Although these numbers look pretty small they are growing and yes they are not paid ones!

KT also gained a leap in Alexa ranking. Currently its ranked 4,00,728th popular website in the world and 33,529th in India. If you are into blogging and know what is Alexa, you definitely love these numbers!

I hope the same continuity in the future and would like to see these numbers greatly raised when KT reaches 200 posts milestone! Till then, have a good time! Happy surfing!!

HPUX: APA configuration testing script

Leave a reply

Small APA configuration testing script which will automate checking and verifying your Auto Port aggregation configuration in the HPUX server.

In the past, we have seen the configuration of Auto Port Aggregation in HPUX which explains what is APA and what is the purpose of using APA in your setup. In another post, we learned how to test APA if working perfectly or not. In this post, I will be sharing a script that I coded to automate this APA test.

Do not run this script on running live production. Since testing APA involves disabling of NIC.

Also, make a note that you need to run this script in normal terminal login and not on the server console. Since if the APA test fails you will lose server connectivity on primary NIC IP address. It is recommended to keep a continuous ping session on to IP address (configured on APA) to make sure that you monitor connectivity during the whole APA test. I have also explained the use of this continuous ping in manual APA test post.

Script code :

Execute this script on your own risk!

See below the APA configuration testing script. Save the below code in apa_test.sh file on your server. Execute script with root privileges using sh apa_test.sh or ./apa_test.sh command. Make sure executable permissions are set for the file.

Sample output :

******* APA Configuration Check *******
Caution !! Do not run this script from console

APA group : 900
IP	  : 10.10.5.2
Lan PPA	  : 0

APA group : 900
IP	  : 10.10.5.2
Lan PPA	  : 1

APA is working normally!

Write us suggestions/feedback/corrections in comments.

Auto port aggregation APA configuration in HPUX

Leave a reply

Learn APA configuration in HPUX. Auto port aggregation logic is similar to network teaming in Linux. Used for network card hardware-level redundancy.

APA stands for Auto Port aggregation. It is software i.e. operating system level configuration which offers NIC (Network Interface Card also referred to as LAN card) redundancy. We have already briefed about APA in this post, refer to the first paragraph.

Also read : Network bonding-teaming in Linux

Let’s run down to configuration steps for APA in HPUX in failover group mode.

Step 1.

You need to have teaming software installed on your system. The Teaming (Auto PORT Aggregation) application is inbuild in HP-UX 11i V2 EOE. If not you can download it from the HP software repository and install it on your HPUX server.

Step 2.

Make sure your primary network interface card (NIC) is configured with a proper IP address, mask, and gateway. Use netstat -in command.

# ioscan -funC lan 

Class I H/W Path Driver S/W State H/W Type Description 
=================================================================== 
lan 1 1/1/0 gelan CLAIMED INTERFACE HP A4926A PCI 1000Base-SX Adapter
/dev/gelan4

Let’s assume we have identified lan1 as a secondary NIC for our config. lan0 being the primary one.

Secondly, identify your second NIC which can be used as secondary card in APA configuration (Use ioscan -fnClan command). Make sure this card is connected to a different network switch, configured with the same VLAN as primary on the network end, and is physical does not reside in the same hardware module of primary NIC. This ensures high availability in case of network, switch, or card hardware failure.

To confirm both cards have same network reachability (i.e. on same VLAN) use below command :

# linkloop -i PPA_pri StationAddr_sec

# linkloop -i 1  0x00108323463C 
Link connectivity to LAN station: 0x00108323463C 
-- OK 

---- failure output means no connectivity----
Link connectivity to LAN station: 0x00108323463C 
error: get_msg2 getmsg failed, errno = 4 
-- FAILED 
frames sent : 1 
frames received correctly : 0 
reads that timed out : 1

where station address is MAC (can be obtained from lanscan output) and PPA number is lan0, lan1 number. Try in both ways. using MAC of primary and PPA of secondary and vice versa to make sure you have connectivity between both cards. If you get shown failed error then those two cards cant be used in APA config together.

Step 3.

Edit configuration file /etc/rc.config.d/hp_apaportconf and mention interface names (lan0 and lan1 in our case) like below:

HP_APAPORT_INTERFACE_NAME[0]=lan0
HP_APAPORT_CONFIG_MODE[0]=LAN_MONITOR

HP_APAPORT_INTERFACE_NAME[1]=lan1
HP_APAPORT_CONFIG_MODE[1]=LAN_MONITOR

Step 4.

Start APA services.

# /sbin/init.d/hpapa start
/sbin/init.d/hpapa started.
         Please be patient. This may take about 40 seconds.
         HP_APA_DEFAULT_PORT_MODE = MANUAL
         /usr/sbin/hp_apa_util -S 0 LAN_MONITOR
         /usr/sbin/hp_apa_util -S 1 LAN_MONITOR
         /sbin/init.d/hpapa Completed successfully.

# /sbin/init.d/hplm start

Step 5.

Now, we will create a LAN configuration file that can be applied later to both NIC to make them aware they are working in a group under the same IP umbrella. lanqueryconf command creates ASCII file at /etc/lanmon/lanconfig.ascii

# lanqueryconf -s 

# more /etc/lanmon/lanconfig.ascii
NODE_NAME teststation 
POLLING_INTERVAL 10000000 
DEAD_COUNT 3 
FAILOVER_GROUP lan900 
STATIONARY_IP 10.10.2.5 
PRIMARY lan0 5 
STANDBY lan1 3

See the content of this ASCII file. It has node name, polling interval (microseconds, default is 10 sec). The dead count is the number of polling packets missed to consider failure and initiate failover (default is 3). The failover group is lan name which will be visible systemwide. lan900 will have our primary NIC address and lan0, lan1 will work together as lan900. IP is IP taken up by lan900. lan0 will be treated as primary NIC and lan1 as standby. Number 5,3 denotes priorities of respective NIC.

You can make changes in this file if you dont want to go with default values.

Step 6.

The above file is generated for admin to edit if any changes required. After that, the file will be checked for integrity and then can be applied to APA configuration like below :

# lancheckconf
Reading ASCII file /etc/lanmon/lanconfig.ascii
Verification of input file /etc/lanmon/lanconfig.ascii is complete.
 
# lanapplyconf
Reading ASCII file /etc/lanmon/lanconfig.ascii
Creating Fail-Over Group lan900
Updated binary file /etc/lanmon/lanconfig

Here lan900 is created and you APA is complete.

Step 7.

Now you can see lan0 and lan1 vanish from lanscan -q output and instead lan900 appeared with 0 and 1 as its members.

# lanscan -q 
2 
3 
900 0 1 
901

You can verify that lan900 will have an IP address which was configured on primary NIC lan0 before configuration (in netstat -in output).

You can even test if APA failover is happening correctly. Follow this testing procedure to make sure your APA works properly. Sometimes lan900 won’t appear and you need to restart your system. The rebooting system takes up a new APA configuration and you will able to see lan900 in action.

If there is more than one APA configured on the system then it will follow the series of lan901, lan902, and so on.

What is umask value? How to set it up?

Leave a reply

Learn everything about umask value. What is umask value? What is the best default umask? How to set it up in Linux and Unix? & How to calculate umask?

One of the basic topics in learning Linux or Unix is umask value. UMASK is a user file/directory permission mask value and is 4 digits octal value! Whenever a user creates a file or directory kernel grants it some by default permissions. Those are base permissions. For file, it’s 666 (i.e. rw-rw-rw) means read, write to all (owner, group, others), and for directory its 777 (i.e. rwxrwxrwx) means read, write, execute to all.

Here user mask plays its role. The user permission mask is the octal value that is used to determine file/directory permission when they are created by the user. Umask value subtracted bitwise from base permissions and final permission is determined for newly created files and directories.

How to calculate umask?

For example, if umask value is 0022 then newly created files will have permission 0666-0022=0644 (i.e. rw-r–r–) means read to all and write to the owner only. There are plenty of combinations can be used depending on your requirement. You can refer below calculation table for determining your expected umask value:

umask value (Bit from left to right)	For whom	File base permission	Directory base permission
1st		0	0
2nd	Owner	6	7
3rd	Group	6	7
4th	Others	6	7

So, you need to decide which final permission you want on newly created file and directories. Once that is finalized you can have reverse calculation with 666 & 777 and decide your umask value.

What is best default umask?

Below are few standard best default umask values which can be used :

umask value	Final File permission	Final directory permission	Useful for
022	644	755	Normal user. Others have read access only
002	664	775	Group usage. Only group members has access
077	600	700	Complete privacy. No other user can access your data

How to setup umask in Linux/Unix?

umask value can be set up using simple command umask followed by its value. But, this value will be set only for that current active shell session.

# umask 022
# touch testfile
# ll
total 0
-rw-r--r--. 1 root root 0 Feb  1 01:03 testfile

# umask 077
# touch testfile1
# ll
total 0
-rw-------. 1 root root 0 Feb  1 01:04 testfile1

Observe in the above output that file permissions defer when we set different umask values.

To set this up permanently, define this command in the login profiles of users. /etc/profile value can be overridden by the user’s own profile which executes after that. For all systemwide users define it /etc/profile or /etc/bashrc file. For user-specific values, define them in ~/.profile (Korn / Bourne shell) ~/.cshrc file (C shells), ~/.bash_profile (Bash shell) these shell specific profiles in their home directories.

You need to open a specific profile with vi editors and append umask <value> line at the end.

Setup umask with permission

If you are not good at remembering numbers and want to avoid octal notation, then you can define umask with permission letters too. Syntex will be as below :

# umask u=rwx,g=,o=

# ll
total 0
-rw-------. 1 root root 0 Feb  1 01:12 testfile3

Here, we set umask with defining permissions at the user, group, and owner level (500). Notice that there is no space in between but permissions are separated by commas.

Kernel Talks

Unix, Linux, & Cloud!

Monthly Archives: February 2017

Learn Linux Unix: File permissions & ownership

Ownership :

How to change file ownership :

Permissions :

How to change file permissions :

How to change directory permissions recursively

6 ways to check Linux kernel version

1. By reading version process file.

2. By reading Distro release file in /etc

3. By listing release package

4. Using `uname` command

5. Using `lsb_release` command

6. Using `hostnamectl` command

How to mount ISO file in Linux?

Step 1.

Step 2.

Its a century! Celebrating 100 posts!

HPUX: APA configuration testing script

Sample output :

Auto port aggregation APA configuration in HPUX

Step 1.

Step 2.

Step 3.

Step 4.

Step 5.

Step 6.

Step 7.

What is umask value? How to set it up?

How to calculate umask?

What is best default umask?

How to setup umask in Linux/Unix?

Setup umask with permission

Ownership :

How to change file ownership :

Permissions :

How to change file permissions :

How to change directory permissions recursively

1. By reading version process file.

2. By reading Distro release file in /etc

3. By listing release package

4. Using uname command

5. Using lsb_release command

6. Using hostnamectl command

Step 1.

Step 2.

Step 3.

Step 4.

Default ssh usernames for famous Linux in EC2

Step 1.

Step 2.

Sample output :

Step 1.

Step 2.

Step 3.

Step 4.

Step 5.

Step 6.

Step 7.

How to calculate umask?

What is best default umask?

How to setup umask in Linux/Unix?

Setup umask with permission

4. Using `uname` command

5. Using `lsb_release` command

6. Using `hostnamectl` command