4.8. umask FunctionNow that we've described the nine permission bits associated with every file, we can describe the file mode creation mask that is associated with every process.The umask function sets the file mode creation mask for the process and returns the previous value. (This is one of the few functions that doesn't have an error return.)
ExampleThe program in Figure 4.9 creates two files, one with a umask of 0 and one with a umask that disables all the group and other permission bits.If we run this program, we can see how the permission bits have been set.$ umask first print the current file mode creation mask 002 $ ./a.out $ ls -l foo bar -rw------- 1 sar 0 Dec 7 21:20 bar -rw-rw-rw- 1 sar 0 Dec 7 21:20 foo $ umask see if the file mode creation mask changed 002 Figure 4.9. Example of umask function#include "apue.h" #include <fcntl.h> #define RWRWRW (S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH) int main(void) { umask(0); if (creat("foo", RWRWRW) < 0) err_sys("creat error for foo"); umask(S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH); if (creat("bar", RWRWRW) < 0) err_sys("creat error for bar"); exit(0); } Most users of UNIX systems never deal with their umask value. It is usually set once, on login, by the shell's start-up file, and never changed. Nevertheless, when writing programs that create new files, if we want to ensure that specific access permission bits are enabled, we must modify the umask value while the process is running. For example, if we want to ensure that anyone can read a file, we should set the umask to 0. Otherwise, the umask value that is in effect when our process is running can cause permission bits to be turned off.In the preceding example, we use the shell's umask command to print the file mode creation mask before we run the program and after. This shows us that changing the file mode creation mask of a process doesn't affect the mask of its parent (often a shell). All of the shells have a built-in umask command that we can use to set or print the current file mode creation mask.Users can set the umask value to control the default permissions on the files they create. The value is expressed in octal, with one bit representing one permission to be masked off, as shown in Figure 4.10. Permissions can be denied by setting the corresponding bits. Some common umask values are 002 to prevent others from writing your files, 022 to prevent group members and others from writing your files, and 027 to prevent group members from writing your files and others from reading, writing, or executing your files.
002 $ umask -S print the symbolic form u=rwx,g=rwx,o=rx $ umask 027 change the file mode creation mask $ umask -S print the symbolic form u=rwx,g=rx,o=  |
لطفا منتظر باشید ...
