Chapter 8 Managing User and Group Accounts 129
• The following file (-) displays read, write, and executable permissions for owner (rwx),
  but only read and executable for group (r-x) and others (r-x):
  -rwxr-xr-x
• The following file (-) displays read, write, and executable permissions for owner (rwx),
  but only read for group (r--) and others (r--):
  -rwxr--r--
For more information, see the ls man page.
Setting the umask Setting for a User
The global umask setting determines the permissions of files and folders created by a
local user:
$ sudo defaults write -g NSUmask -int value
Use one of the following values to set the permission level:
The default umask setting, 022, removes group and world write permissions but allows
group and world read permissions.
With a umask setting of 027, files and folders created by a user are not readable by
other users on the computer, but they are readable by members of the user's assigned
group. To make a file or folder accessible to others, the owner can change the
permissions in the Finder’s Get Info window or use the chmod tool.
To set the umask settings for local users to octal 027 (decimal equivalent 23):
$ sudo defaults write /Library/Preferences/.GlobalPreferences NSUmask 23
Note: The path above refers to the .GlobalPreferences defaults domain, not to the file
.GlobalPreferences.plist, which might accidentally be filled in while using the shell
autocomplete feature.
This command affects the permissions on files and folders created by programs that
respect the Mac OS X NSUmask settings. Programs should follow the value set for
umask, but there is no guarantee that they will. Also, users can override their own
umask setting at any time. The changes to the umask settings take effect at next login.
Value                        Permission Level
63 (octal equivalent 077)    Only the user can read files.
23 (octal equivalent 027)    The user and members of the user's default group can read files.
18 (octal equivalent 022)    All users can read newly created files.
WARNING: Setting permissions to group, or all, allows private or confidential
information in these folders to be visible to others. To prevent private files from being
accessed, the user should create a folder and restrict the permissions.
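
The decimal values in the table can be checked against the permissions they actually produce. The following is an added example, not part of the original guide; the function names are assumptions of this sketch. It converts a decimal NSUmask value to its octal umask, then creates a file and a folder under that umask in a scratch directory and reports their ls modes. It also shows what happens when the octal digits are typed as decimal (27 instead of 23).

```shell
#!/bin/sh
# Added example: function names are hypothetical, not from the guide.

# Convert a decimal NSUmask value (as given to `defaults write`) to the
# three-digit octal umask it represents. Rejects non-decimal input and
# values with a leading zero, which usually mean octal was typed by mistake.
nsumask_to_octal() {
    case "$1" in
        ''|*[!0-9]*|0?*) return 1 ;;
    esac
    [ "$1" -le 511 ] || return 1
    printf '%03o\n' "$1"
}

# Create a file and a folder under the umask in a scratch directory and
# print: <decimal> <octal> <file mode> <folder mode>
effective_modes() {
    dec=$1
    oct=$(nsumask_to_octal "$dec") || return 1
    tmp=$(mktemp -d) || return 1
    (
        umask "$oct"            # applies only inside this subshell
        touch "$tmp/file"
        mkdir "$tmp/folder"
    )
    # Keep the 10 mode characters; drop any ACL/attribute suffix from ls.
    fmode=$(ls -ld "$tmp/file" | cut -c1-10)
    dmode=$(ls -ld "$tmp/folder" | cut -c1-10)
    rm -rf "$tmp"
    printf '%s %s %s %s\n' "$dec" "$oct" "$fmode" "$dmode"
}

# The three values from the table.
for value in 18 23 63; do
    effective_modes "$value"
done

# Pitfall: entering the octal digits 027 as decimal 27 sets umask 033,
# which leaves new files world-readable.
effective_modes 27
```

New files never receive execute bits from the umask alone, so the file column shows rw- where the folder column shows rwx.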