umask?

paulsjv

I hope someone here can answer my question as I've done a search for umask and found some threads but no real responses to them.

I have a group of users that use a Mac OS X 10.4 machine and when one of them creates a file it is not writeable by other users in the same group.

For example, user john in group doe creates a file and it ends up chmod'ed 644 (rw-r--r-- john.doe file.txt). I need this file to be chmod'ed 664 (rw-rw-r-- john.doe file.txt). I'm figuring that this is a umask problem seeing how the umask is set to 022. It needs to be set to 002 in order for the file to be chmod'ed to 664 right? (rw-rw-r-- john.doe file.txt) This way jane can read and write to the file since she is part of the doe group (jane.doe).

I did find one web page that explained things well.

http://www.macosxhints.com/article.php?story=20031211073631814
I had seen a posting by Xsage on a mail group highlighting the presence of a NSUmask default hidden away in the file /System -> Library -> Frameworks -> PreferencePanes.framework -> Versions -> A -> Resources -> global.defaults. The default NSUmask has a value of 18, which is the decimal equivalent of the octal umask setting 022, and is the global default. Since changing the permissions that the System runs with can cause all sorts of nasty things to happen, particularly if you want to set a more restrictive umask than the normal default, we would ideally look to override this default somewhere else.

TinkerTool implements this on a per-user basis by inserting an NSUmask override setting in the file ~/Library -> Preferences -> .GlobalPreferences.plist. The inserted lines are:

Code:
<key>NSUmask</key>
<integer>my-umask-decimal</integer>

Replace my-umask-decimal with the decimal conversion of the octal umask you want to set. A decimal NSUmask of 0 gives the octal umask value of 000 that I required. To implement this change on a global basis, we simply insert the same setting, but into another file: /Library -> Preferences -> .GlobalPreferences.plist. I have just been putting it right at the top, for example:
Code:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN"
  "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>NSUmask</key>
<integer>0</integer>
<key>AppleLanguages</key>
<array>
<string>English</string>

And that is about it. Obviously you will need to have administrative privileges to be able to do this, and you should save a backup of any files you change etc, etc. As an aside, the global.defaults file contains a few other interesting things that other people might want to mess with, including mouse scaling and key repeat times.

However, I tried setting it per user but the file this article is pointing to for the per user is mainly gibberish. I've taken a look at the global file this refers to and I could change it there but I'm not sure how that would affect the system as a whole and am therefore a little hesitant in changing it.

Has anyone run into this problem of having multiple users connecting via ssh, ftp, locally on the machine itself, and through a network and not having the correct permissions for files that are being created?

Thanks for any help!
jay
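
As an added example (not part of the original post or the quoted article), the shell script below creates a real file under each umask discussed above and prints the resulting mode next to the decimal value that NSUmask would need. The function names and the temporary directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: how the umask decides the mode of a newly created file,
# and how an octal umask maps to the decimal value NSUmask expects.
# Function names and the temp directory are illustrative, not from the thread.

# Decimal NSUmask value for an octal umask (022 -> 18, 002 -> 2).
nsumask_decimal() {
    echo $((0$1))
}

# Mode a plain file gets by arithmetic: 0666 with the umask bits cleared.
expected_mode() {
    printf '%03o\n' $((0666 & ~0$1))
}

# Create a real file under the given umask and report its permission string.
# The subshell keeps the umask change from leaking into the caller.
mode_under_umask() {
    (
        dir=$(mktemp -d) || exit 1
        umask "$1"
        : > "$dir/file.txt"
        ls -l "$dir/file.txt" | cut -c1-10
        rm -rf "$dir"
    )
}

# 022 is the default from the post, 002 the group-writable target,
# 000 the value used in the quoted article.
for mask in 022 002 000; do
    printf 'umask %s  NSUmask %-2s  mode %s  %s\n' \
        "$mask" "$(nsumask_decimal "$mask")" \
        "$(expected_mode "$mask")" "$(mode_under_umask "$mask")"
done
```

The 000 row is the value from the quoted article and yields rw-rw-rw-, writable by every account on the machine; 002 is the narrower setting that still gives the group write access.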
 
So you have a group of users that all share one machine and all store their data locally on that machine, or where? Also, all the users are local users or do you have some sort of directory service? Any file sharing services itself?

Michael
 
Go3iverson said:
So you have a group of users that all share one machine and all store their data locally on that machine, or where? Also, all the users are local users or do you have some sort of directory service? Any file sharing services itself?

Michael
Here's the situation.

I have about 5 users who are all in the staff group I created. This staff group is set to own all the files in the web root because all 5 people in this group need access to read and write files and create directories there. The problem is that all 5 people connect in all different ways. They can get up and walk to the machine and log in locally. Some of them use Dreamweaver and connect via ftp. Then some of them connect through the network and finally some of them connect through ssh and do some work. For me it's a big nightmare because the permissions were set wrong to begin with. I found that it's the umask setting that is causing the problem when a user creates a file so I need to make it 002 for each method of connection to the machine. I'm not sure if you can make it for certain directories but I do know I should be able to do it per-user.

That's the dilemma I'm facing.

thanks!
 