This attribute sets the file-creation mode mask for the service. Umask, a three-digit octal-number, represents the UNIX file-creation mode mask to use. It defines the access restrictions, called "permissions", to set for files and directories. The permissions define which users can read, write, and execute/access files or directories. The first digit of the octal-number indicates permissions for the owner of the file or directory. The second digit indicates permissions for users with the same group ID as the file's owner. The third digit sets permissions for the rest of the network's users.
You can define permissions by taking the values for the permissions you want to deny and adding them to 0. The value 7 denies all access rights, and the value 0 grants all access rights. The "read" permission has a value of 4, "write" has a value of 2, and "execute" has a value of 1; for directories, "execute" equates to the "search" permission. The umask defaults to 077, indicating full permissions for the user and no permissions for anyone else.
The following table lists permission configurations:
Umask Number | File Permission | Directory Permission |
---|---|---|
0 | rw- | rwx |
1 | rw- | rw- |
2 | r-- | r-x |
3 | r-- | r-- |
4 | -w- | -wx |
5 | -w- | -w- |
6 | --- | --x |
7 | --- | --- |
For example, you might use the following directory permission for the umask:
Umask Number | File Permission | Directory Permission |
---|---|---|
033 | -rwxr--r-- | drwxr--r-- |
In this case, the owner can read, write, and execute files in that directory; the group can only read files in the directory; and everyone else can only read files in the directory.
DOS and Macintosh operating systems do not distinguish between reading and executing a file, so these systems ignore the "execute" permission. For directories, it still means "search" permission. If other DOS or Macintosh users need to run programs owned by the user, they need to have "read" permission. The Macintosh operating system determines the protection setting for new file folders.
You can set the umask for specific volumes by using the umask option of the volume command for that volume. For more information on the UNIX file-creation mode mask, refer to the UNIX man pages for umask and chmod.
tnservice -M -r realm -s service -a umask=octal-number
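
The mask arithmetic described above, as an added example that is not part of the original documentation or the product's own code. It assumes standard UNIX semantics, in which new files are requested with mode 666 and new directories with 777 (the bases the per-digit table reflects); all function names are illustrative.

```python
import os, stat, tempfile

def parse_umask(text):
    """Parse the three-digit octal-number given to umask=, e.g. "077"."""
    if len(text) != 3 or any(c not in "01234567" for c in text):
        raise ValueError(f"not a three-digit octal number: {text!r}")
    return int(text, 8)

def predicted_modes(mask):
    """Modes implied by the mask: files start from 666, directories from 777."""
    return (stat.filemode(stat.S_IFREG | (0o666 & ~mask)),
            stat.filemode(stat.S_IFDIR | (0o777 & ~mask)))

def observed_modes(mask):
    """Create a file and a directory under the mask and read back their modes."""
    with tempfile.TemporaryDirectory() as base:  # created before the mask changes
        old = os.umask(mask)
        try:
            fpath, dpath = os.path.join(base, "f"), os.path.join(base, "d")
            os.close(os.open(fpath, os.O_CREAT | os.O_WRONLY, 0o666))
            os.mkdir(dpath, 0o777)
            return (stat.filemode(os.stat(fpath).st_mode),
                    stat.filemode(os.stat(dpath).st_mode))
        finally:
            os.umask(old)  # always restore the process-wide mask

def exposure(mask):
    """List the group/other access that the mask does NOT deny on new directories."""
    allowed = 0o777 & ~mask
    found = []
    for who, shift in (("group", 3), ("other", 0)):
        bits = (allowed >> shift) & 0o7
        if bits:
            flags = "".join(c if bits & v else "-"
                            for c, v in (("r", 4), ("w", 2), ("x", 1)))
            found.append(f"{who}:{flags}")
    return found

if __name__ == "__main__":
    # Constructed sample values: the documented default plus two looser masks.
    for text in ("077", "027", "022"):
        mask = parse_umask(text)
        print(text, predicted_modes(mask), observed_modes(mask),
              exposure(mask) or "owner only")
```

An empty list from `exposure` means only the owner keeps access, which is what the default of 077 produces.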