10. Manage Security
Red Hat Certified System Administrator (RHCSA - EX200)
1. What Are Default File Permissions?
Default file permissions define:
- What permissions are assigned automatically when:
  - A new file is created
  - A new directory is created
In Linux systems (including Red Hat), permissions are not random. They are controlled by:
- System defaults
- A special setting called umask
2. Basic Permission Types
Every file and directory has three types of permissions:
| Permission | Symbol | Meaning |
|---|---|---|
| Read | r | View content |
| Write | w | Modify content |
| Execute | x | Run file / enter directory |
3. Permission Ownership Categories
Permissions are assigned to three groups:
| Category | Meaning |
|---|---|
| User (u) | Owner of the file |
| Group (g) | Group members |
| Others (o) | Everyone else |
4. Default Permission Values
When a file or directory is created, the system starts with base permissions:
Default Base Values
| Type | Base Permission |
|---|---|
| Files | 666 (rw-rw-rw-) |
| Directories | 777 (rwxrwxrwx) |
However, these are not final permissions. They are modified by umask.
5. What Is umask?
umask (User Mask) controls which permissions are removed from the default base.
Key Idea:
umask does not add permissions, it removes permissions
6. How umask Works
Formula:
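Final Permission = Default Permission - umask
The subtraction is shorthand: umask clears the permission bits it names (base AND NOT umask), so a digit never goes below 0 and a bit that is already absent stays absent.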
Example 1: umask = 022
For files:
666 - 022 = 644
Result:
rw-r--r--
For directories:
777 - 022 = 755
Result:
rwxr-xr-x
Example 2: umask = 027
Files:
666 - 027 = 640 (the 7 removes every bit from others, so that digit is 0, not negative)
Directories:
777 - 027 = 750
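The following is an added example, not part of the original notes: it computes the mode with the bit-clearing rule, compares it with plain subtraction, and confirms the result by creating a file and a directory under each umask. The function names `predicted_mode`, `naive_subtract` and `actual_mode` are hypothetical, and umask 033 is a constructed sample value; GNU `stat` is assumed, as on Red Hat systems.

```shell
#!/bin/sh
# Added example: umask clears bits (base AND NOT mask); it is not arithmetic subtraction.

# predicted_mode BASE MASK -> octal mode left after clearing the mask's bits.
predicted_mode() {
    printf '%03o\n' "$(( 0$1 & ~0$2 & 0777 ))"
}

# naive_subtract BASE MASK -> what plain decimal subtraction of the digits gives.
naive_subtract() {
    expr "$1" - "$2"
}

# actual_mode KIND MASK -> mode of a new file (f) or directory (d) created under MASK.
actual_mode() {
    (
        umask "$2"                        # subshell: the caller's umask is untouched
        tmp=$(mktemp -d) || exit 1
        if [ "$1" = d ]; then mkdir "$tmp/new"; else : > "$tmp/new"; fi
        # GNU stat (RHEL) first; BSD stat syntax as a fallback (assumption).
        mode=$(stat -c %a "$tmp/new" 2>/dev/null || stat -f %Lp "$tmp/new")
        rm -rf "$tmp"
        printf '%s\n' "$mode"
    )
}

# Constructed sample masks: the three from these notes plus 033,
# where subtraction and the real rule disagree.
for mask in 022 027 033 077; do
    printf 'umask %s  file: naive=%s rule=%s actual=%s  dir: rule=%s actual=%s\n' \
        "$mask" "$(naive_subtract 666 "$mask")" \
        "$(predicted_mode 666 "$mask")" "$(actual_mode f "$mask")" \
        "$(predicted_mode 777 "$mask")" "$(actual_mode d "$mask")"
done
```

With umask 033 a new file ends up 644, while subtraction suggests 633; the mask cannot remove an execute bit that the 666 base never had.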
7. Why Files Do Not Get Execute Permission by Default
The file base of 666 contains no execute bits, and umask can only remove permissions, so files never get execute (x) by default:
- Files are not assumed to be executable programs
- Execute permission must be added manually using chmod
8. Viewing Current umask
Use:
umask
Example output:
0022
To see symbolic format:
umask -S
Example:
u=rwx,g=rx,o=rx
9. Setting umask Temporarily
To change umask for the current session:
umask 027
This change:
- Applies only to the current shell
- Resets after logout
10. Setting umask Permanently
To make umask persistent, configure it in:
For all users:
/etc/profile
/etc/bashrc
For a specific user:
~/.bash_profile
~/.bashrc
Example:
umask 027
11. Default Permissions in an IT Environment
In a system environment:
- umask 022
  - Used in general systems
  - Allows others to read files
- umask 027
  - Used in secure environments
  - Restricts access to the owner and group; others get no access
- umask 077
  - Highly restricted
  - Only owner has access
12. Special Default Permissions for Directories
Directories behave differently:
| Permission | Meaning |
|---|---|
| r | List contents |
| w | Create/delete files |
| x | Enter directory |
So correct default permissions are important for:
- Shared directories
- Application data directories
13. Interaction with chmod
Even after default permissions are set:
- You can manually modify permissions using:
chmod 755 file
chmod u+x script.sh
Default permissions only apply at creation time.
14. Important Exam Points
You should be able to:
- Understand how default permissions are calculated
- Identify base permissions (666, 777)
- Calculate final permissions using umask
- View current umask
- Change umask temporarily and permanently
- Understand differences between file and directory permissions
- Explain why execute permission is not set by default
15. Common Mistakes (Very Important for Exam)
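- Mistake: Thinking umask adds permissions
  - Correct: It removes permissions
- Mistake: Using subtraction incorrectly
  - Correct: Always subtract digit by digit, removing only bits that are present (a digit never goes below 0)
- Mistake: Expecting files to have execute permission by default
  - Correct: Files never get execute automatically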
16. Quick Summary
- Files start with 666, directories with 777
- umask removes permissions
- Common umask values:
  - 022: standard access
  - 027: restricted access
  - 077: private access
- Default permissions apply only when a file/directory is created
