When is umask() useful?

Posted on 2024-11-11 14:04:09

umask(0);

fd = open("/dev/null", O_RDWR);

Here's man 2 umask:

umask() sets the calling process’s file mode creation mask (umask) to mask & 0777.

But it doesn't make sense for me, as when we call open, we will also provide a mode parameter.

So what's the point of umask?

Comments (4)

蓝梦月影 2024-11-18 14:04:09

The umask is applied to all modes used in file system operations. From the manual open(2):

The permissions of the created file are (mode & ~umask)

So with a single call to umask, you can influence the mode of all created files.

This is usually used when a program wants to allow the user to overrule the default grants for files/directories it creates. A paranoid user (or root) can set the umask to 0077 which means that even if you specify 0777 in open(2), only the current user will have access.

止于盛夏 2024-11-18 14:04:09

I know this is an old question but here is my two cents:

Permissions of shared memory object

I was trying to make a shared memory object, with:

int shm_open(const char *name, int oflag, mode_t mode); 

The resulting shared memory did not have the permission set in mode argument, so I read the shm_open man page which led me to the open function man page and there it says:

mode specifies the permissions to use in case a new file is created. This argument must be supplied when O_CREAT is specified in flags; if O_CREAT is not specified, then mode is ignored. The effective permissions are modified by the process's umask in the usual way: The permissions of the created file are (mode & ~umask). Note that this mode only applies to future accesses of the newly created file

So I tried to modify the umask with:

mode_t umask(mode_t mask); 

but it did not work either, so after more google I found this Setting Permission document in gnu.org

Which recommends:

When your program needs to create a file and bypass the umask for its access permissions, the easiest way to do this is to use fchmod after opening the file, rather than changing the umask. In fact, changing the umask is usually done only by shells. They use the umask function.

and with fchmod my function worked as I wanted :) here it is:

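#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <unistd.h>

/* SIGNALS_SHMEM_NAME and struct signal_shmem are defined elsewhere in the program. */
int open_signals_shmem(struct signal_shmem **shmem, int size)
{
    int fd, ret;
    void *ptr;

    *shmem = NULL;
    ret = 1;

    fd = shm_open(SIGNALS_SHMEM_NAME, O_RDWR | O_CREAT, S_IRWXU | S_IRWXG | S_IRWXO);
    if (fd == -1)
    {
        printf("error: signals shmem could not be allocated (%s, errno=%d)\n", SIGNALS_SHMEM_NAME, errno);
    }
    else
    {
        // Change permissions of shared memory, so everybody can access it
        // (the mode passed to shm_open is masked by the umask, fchmod is not)
        if (fchmod(fd, S_IRWXU | S_IRWXG | S_IRWXO) == -1)
        {
            printf("error: signals shmem permissions could not be changed (%s, errno=%d)\n", SIGNALS_SHMEM_NAME, errno);
        }

        if (ftruncate(fd, size) == -1)
        {
            printf("error: signals shmem could not be truncated (%s, errno=%d)\n", SIGNALS_SHMEM_NAME, errno);
        }
        else
        {
            ptr = mmap(NULL, size, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
            if (ptr == MAP_FAILED)
            {
                printf("error: signals shmem could not be mapped (%s, errno=%d)\n", SIGNALS_SHMEM_NAME, errno);
            }
            else
            {
                *shmem = ptr;
                ret = 0;
            }
        }
        // The mapping stays valid after the descriptor is closed
        close(fd);
    }
    return ret;
}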
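
Added example (not part of the original answers): a small C program that measures what the first two answers describe, namely that open(2) yields mode & ~umask, while a later fchmod() sets the requested bits regardless of the umask. The helper name created_mode and the scratch directory under /tmp are assumptions made for this illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: create a file with open(2) under `mask` and return the
 * permission bits it ends up with, or -1 on error. With `use_fchmod` set, the
 * descriptor is fchmod()ed to `mode` afterwards, which ignores the umask. */
int created_mode(mode_t mask, mode_t mode, int use_fchmod)
{
    char dir[] = "/tmp/umask_demo_XXXXXX"; /* constructed scratch directory */
    char path[64];
    struct stat st;
    int result = -1;

    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(path, sizeof path, "%s/f", dir);

    mode_t old = umask(mask); /* process-wide; returns the previous mask */
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, mode);
    umask(old);               /* restore the inherited mask */

    if (fd != -1) {
        if ((!use_fchmod || fchmod(fd, mode) == 0) && fstat(fd, &st) == 0)
            result = (int)(st.st_mode & 07777);
        close(fd);
        unlink(path);
    }
    rmdir(dir);
    return result;
}

int main(void)
{
    /* The umask can only clear bits requested in open(2), never add them. */
    printf("022, open 0666 -> %04o\n", (unsigned)created_mode(022, 0666, 0));
    printf("077, open 0777 -> %04o\n", (unsigned)created_mode(077, 0777, 0));
    printf("077, open 0600 -> %04o\n", (unsigned)created_mode(077, 0600, 0));
    printf("077, + fchmod  -> %04o\n", (unsigned)created_mode(077, 0777, 1));
    return 0;
}
```

Because the umask is a single value for the whole process, changing it temporarily as this helper does is not safe in a multithreaded program; passing a restrictive mode to open(2) and widening with fchmod() only where needed avoids that.
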
浮萍、无处依 2024-11-18 14:04:09

Citing this article:

The purpose of the umask is to allow
users to influence the permissions
given to newly created files and
directories. Daemons should not allow
themselves to be affected by this
setting, because what was appropriate
for the user will not necessarily be
suitable for the daemon.

In some cases it may be more
convenient for the umask to be set to
a non-zero value. This is equally
acceptable: the important point is
that the daemon has taken control of
the value, as opposed to merely
accepting what it was given.

为人所爱 2024-11-18 14:04:09

Most Mac developers (and by extension most software testers), from the time they were babies, put this in their .cshrc

umask 002

However, most end users don't know about umask, so if they create a new user on the machine, and run your app, you are likely to create a bunch of log files and whatnot without group read/write permissions.
Then they switch users again and suddenly your app doesn't work.
For this reason, we're adding this to all our apps.
Our rule-of-thumb when it comes to security is that "we want users to be able to use our software".

#import <sys/types.h>
#import <sys/stat.h>
int main(int argc, char *argv[])
{
    // clear only the other-write bit: newly created files get at most ug+rwX,o+rX
    umask(0002);
    // ... rest of the application ...
    return 0;
}