Some directories have permissions set to 755, other to 700. Files have similar analogue values. Why?
I was thinking that that files and dirs were created by taking into account the umask value (the default 0022), but it seems that many of these files and directories instead use different values.
When a program wants to create a new file (that includes of course directories), it asks the kernel to do so. With that request goes a proposal fore setting the permission bits, which means that it is application dependend (and within that application it can depend on other things) what is proposed. The umask is then used to mask bits in the proposed permissions. Which mean that possibly some of the proposed bits will be set off. It never means that bits that are not proposed are set on.
The umask is NOT what should be set, it is what NOT should be set.
Thus when you do not want bits set for e.g. the world, your umask should be 007. When a program then proposes to set to rwxr-xr-x, the result will be rwxr-x—.
But when you set the umask to 000 with the same proposal, the result will be unchanged rwxr-xr-x (and NOT rwxrwxrwx as you seem to think).
It is up to the user to set a restrictive umask to his needs.
So in other words umask is just the minimum set of restrictions, and the different permissions that I noticed is because every program can be more but not less restrictive, right?
How can I override the program permissions proposals of the programs, and set not only a minimum set of restrictions, but also a minimum set of permissions? I’d like to have two user homes to be at least fully readable from each other (and if possible writable to some extent), but under these settings, many things that I want to share are too much restricted (i.e. the Dropbox directory, configuration paths like .config, .local/share, etc.).
Ideally, all user created files should be kept separated, while DE related settings files would be shared (by hyperlinking or at least manually copying once they are set once); for individual program settings, it depends, some would be handy to be shared, for others id doesn’t matter.
Like I said, I’d like to be able to have at least full reading access to the other home directory, but currently I’m unable to do so because the files are owned to the other user account and the permissions are too restrictive.
Sorry for the headaches that I might have caused, all of this seems not only to be a pain to set up but also to explain it.*
Of course this is possible. Desirable? No. Not as you describe it. But, you could create a /home/data folder and set the permissions so that both users can access. Or, if you’re using KDE Plasma 5 take some time to learn about acitivities.
A warning: things like this bring your system miles away from any defaults, whenever you need support this is gonna work against you.
While the above answers are true (of course), I am not going to comment on your question, because I am not 100% sure I understand all you say. To begin with, also for your own understanding, you should do one step backward and understand that talking about “I” without further definition who “I” is to the computer is confusing. The computer does not know “people”. In your system only users are defined (first by their UID, the number, and then. more easily to talk about, by their user names).
So you better try to define what you want, I repeat: also to yourself, by talking more abstract about user alex and user bernard and so on. Their primary group(s), and the other groups they are member of. And your abstract way of thinking should see them as different people, or at least as the same human being in complete different roles.
Only so, and of course with a thorough understanding of the Unix/Linux way of file access protection by ownership (user and group) and permissions (read, write, execute, suid for user, group and/or world/others) can you try to design a solution for what you want.
Oh, and no, there is not way to force a program to add permission bits to what it thinks should be the permissions of a file to create, other then changing the program source and recompiling.
Unix/Linux is designed with a certain security concept in mind. And the defaults are often aiming at maximum of security. Using those rules to trade security against usability is of course possible to a certain extend (alex can of course change the permissions of all his files to rwxrwxrwx if he wants so, or otherwise set an umask of 027 instead of 022), but trying to create a situation that ignores the basic concepts will forward you into a dead alley where, as Knurpht warns you, you will see no followers to help you when needed.
Ok, I understand; the whole thing sounded a bit tricky from the beginning, but I thought to ask anyway; it is always better to learn something than keep doubts.
I’m suggested to use Plasma Activities, I played a bit with them, but from what I saw, these are more different desktop configurations than a way to separate a context to another. If they operate on a deeper level, I have not found out how to set them up correctly.