Hello everyone,
this thread is about umask and how ucs_client.sh makes use of it.
If you don’t know what umask is:
What is umask and how does it affect UCS?
In general, ucs_client.sh can be executed by different users, who might have different umasks. When a user with umask 0077 creates a transaction, the file has permissions ‘600’. This is because the base permission for files is ‘666’ (and for directories it is ‘777’). When a file is created, the umask is applied to the base file permissions, which leads to permissions ‘600’.
Why is this so important?
When the umask of the receiving user is different, e.g. umask 0022 instead of umask 0077, the script must have logic to handle this. To ensure that files created by a user with a different umask still match the umask of the receiving user, the script extracts files via tar with the --no-same-permissions option, which applies the receiving user’s umask to the files. But this doesn’t ensure that the files completely match the user’s file mode creation mask, as the option only acts as a kind of filter ensuring that file permissions are not higher than defined in the umask. File permissions can of course still be lower. A file with permissions ‘600’ packed by a user with umask 0077 would still have permissions ‘600’ when unpacked by a user with umask 0022 with the described tar option. So files and directories need to be touched afterwards and their permissions need to be modified. Therefore the script calculates the file and directory permissions based on the umask. This can easily be done by subtracting the umask from the basic permissions:
For Directories (e.g. with umask 0022 and 0077):
777 - 0022 = 755
777 - 0077 = 700
For files the approach is different. Because the default file permissions are 666, we cannot simply subtract the umask, as it might lead to a value that is not valid octal notation (666 - 0077 = 589). To get the correct file permissions, the script simply creates a file and reads back its permissions.
The background is that a file created by user having umask 0022 has file permissions ‘644’ while the same file must have file permissions ‘600’ for a user having the umask 0077 to appear as a file having permissions equal to a file that the user has just created. For directories this means that a directory created by a user having umask 0022 has file permissions ‘755’ while the same directory must have file permissions ‘700’ for a user having the umask 0077.
How does ucs_client.sh handle that?
As already mentioned, the values for the variables $permissions_directories and $permissions_files are calculated based on the user’s umask during the execution of install.sh and written to config.conf, which is then sourced at the start of ucs_client.sh. But of course you can use different values. To achieve this, modify the corresponding lines in config.conf after you have run install.sh.
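
The round trip described above, as an added example that is not code from ucs_client.sh or install.sh: pack under the sender's umask, extract with --no-same-permissions under the receiver's umask, then chmod to the values derived from the receiver's umask. The function names are hypothetical, GNU tar and stat are assumed, and both values are computed by clearing the umask bits from 666/777 (a bitwise AND-NOT) instead of creating a probe file as the script does.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from ucs_client.sh.

# perms_from_umask BASE UMASK: clear the umask bits from BASE (octal AND-NOT).
# Unlike decimal subtraction (666 - 77 = 589) this always yields a valid mode.
perms_from_umask() {
    printf '%o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# mode_of PATH: octal permission bits (GNU stat, falling back to BSD stat).
mode_of() {
    stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"
}

# roundtrip SENDER_UMASK RECEIVER_UMASK
# Prints "<file after tar> <dir after tar> <file after chmod> <dir after chmod>".
roundtrip() (
    work=$(mktemp -d) || exit 1
    mkdir "$work/src" "$work/dst"
    # Sender: create a directory and a file under the sender's umask, then pack.
    ( umask "$1"; cd "$work/src" && mkdir d && : > d/f && tar -cf ../t.tar d )
    # Receiver: the option only filters archived modes through the umask.
    umask "$2"
    ( cd "$work/dst" && tar --no-same-permissions -xf ../t.tar )
    f1=$(mode_of "$work/dst/d/f"); d1=$(mode_of "$work/dst/d")
    # Normalize to what the receiver would get when creating the entries.
    find "$work/dst/d" -type f -exec chmod "$(perms_from_umask 666 "$2")" {} +
    find "$work/dst/d" -type d -exec chmod "$(perms_from_umask 777 "$2")" {} +
    f2=$(mode_of "$work/dst/d/f"); d2=$(mode_of "$work/dst/d")
    rm -rf "$work"
    echo "$f1 $d1 $f2 $d2"
)

roundtrip 0077 0022   # prints: 600 700 644 755
```

With the sender at 0077 and the receiver at 0022, the first two values show that tar alone leaves the entries at 600/700; only the chmod pass brings them to 644/755.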