When a user creates a file or directory, its default permissions are determined by the umask value, and the resulting defaults are relatively secure.
In /etc/profile we can see:
```sh
# Users with uid > 199 whose primary group name equals their user name get 002
if [ $UID -gt 199 ] && [ "`id -gn`" = "`id -un`" ]; then
    umask 002
else
    umask 022
fi
```

Note:
id -gn: the group name corresponding to the gid
id -un: the user name corresponding to the uid
That is, when uid > 199 and the user name is the same as its corresponding group name, the umask is 002; otherwise it is 022.
It is worth noting that the default for the administrator's home directory in /etc/login.defs is a umask of 077.
Different umask values result in different default permissions:
umask | File default permissions | Directory default permissions |
umask=0002 | 664 (rw-rw-r--) | 775 (rwxrwxr-x) |
umask=0022 | 644 (rw-r--r--) | 755 (rwxr-xr-x) |
Calculation of umask:
File: default permission = default maximum permission - umask (when the umask has odd digits, add 1 to each result digit that corresponds to an odd umask digit)
Directory: default permission = default maximum permission - umask
Example | Default maximum permissions | umask value | Default permissions |
Create a file (all umask digits even) | 666 | 022 | 644 |
Create a file (umask has odd digits) | 666 | 123 | 666-123=543; 5+1-->6, 4 unchanged, 3+1-->4; the result is 644 |
Create a directory | 777 | 022 | 755 |
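The subtraction rule above is a per-digit shortcut for the general rule that every bit set in the umask is cleared from the maximum permission (max AND NOT umask). The following is an added example, not part of the original page. It computes both forms, checks that they agree for every umask, and can confirm the result on a real file. The function names are assumptions made for illustration, and `observed_mode` assumes GNU `stat`.

```shell
#!/bin/sh
# Added example: default permissions as a bit mask instead of a subtraction.

# default_mode MAX UMASK -> octal mode; every bit set in UMASK is cleared.
default_mode() {
    # The leading 0 makes shell arithmetic read both operands as octal.
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# subtract_rule UMASK -> the page's file rule, applied digit by digit:
# 6 - digit, plus 1 when the umask digit is odd. Subtracting the whole
# number would borrow for a digit of 7 (666-027=639), so work per digit.
subtract_rule() {
    u=$(( 0$1 )); out=""
    for s in 6 3 0; do
        d=$(( (u >> s) & 7 ))
        r=$(( 6 - d ))
        if [ $(( d % 2 )) -eq 1 ]; then r=$(( r + 1 )); fi
        out="$out$r"
    done
    printf '%s\n' "$out"
}

# rules_agree -> succeeds if both forms match for all 512 umask values.
rules_agree() {
    n=0
    while [ "$n" -le 511 ]; do
        u=$(printf '%03o' "$n")
        [ "$(default_mode 666 "$u")" = "$(subtract_rule "$u")" ] || return 1
        n=$(( n + 1 ))
    done
}

# observed_mode UMASK file|dir -> mode of an object really created under
# that umask in a scratch directory (assumption: GNU stat with -c %a).
observed_mode() {
    (
        umask "$1"
        tmp=$(mktemp -d) || exit 1
        if [ "$2" = dir ]; then mkdir "$tmp/t"; else : > "$tmp/t"; fi
        stat -c %a "$tmp/t"
        rm -rf "$tmp"
    )
}

# The umask values used in the tables above.
for u in 002 022 123; do
    echo "umask $u: file $(default_mode 666 "$u") dir $(default_mode 777 "$u")"
done
```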