LinuxSecurity.com: Using umaskJul 11, 2000, 18:28 (3 Talkback[s])
(Other stories by Ryan W. Maple)
[ Thanks to Benjamin D. Thomas for this link. ]
"The umask command controls the default file and directory creation mode for newly-created files and directories. It is recommended that you make root's umask 077, which will disable read, write, and execute permission for other users, unless explictly changed using chmod."
"The umask command can be used to determine the default file creation mode on your system. It is the octal complement of the desired file mode. If files are created without any regard to their permissions settings, a user could inadvertently give read or write permission to someone that should not have this permission."
"The umask for the creation of new executable files is calculated as follows:
777 Default Permissions -022 Subtract umask value, for example ----- 755 Allowed PermissionsSo in this example we chose 022 as our umask. This shows us that new executables that are created are given mode 755, which means that the owner can read, write, and execute the binary, while members of the group to which the binary belongs, and all others, can only read and execute it."