Overview of umask
The operating system assigns default permissions when creating new files or directories. The `umask` value is 'excluded' from these default permissions to determine the final permissions. `umask` is important from a security perspective, as it can prevent critical configuration files from being created with overly permissive permissions. The `umask` value can be set differently for each user session and is usually configured in shell initialization files like `.bashrc` or `.profile`.
How umask Works
umask is a mask value that specifies the permissions to 'exclude', not the permissions to allow. In other words, the final permissions are calculated by subtracting the umask value from the maximum default permissions.
Maximum Default Permissions
- File:
666(read and write, no execute permission) - Directory:
777(includes read, write, and execute permissions)
How to Calculate umask
umask is represented as a 3-digit octal number (e.g., 022, 002). This value is applied in the order of owner (User), group (Group), and others (Others). Each digit represents the sum of permission bits (read=4, write=2, execute=1). The final permissions are calculated as follows:
| Type | Maximum Default Permissions | umask | Final Permissions |
|---|---|---|---|
| File | 666 (rw-rw-rw-) | 022 (--w--w-) | 644 (rw-r--r--) |
| Directory | 777 (rwxrwxrwx) | 022 (--w--w-) | 755 (rwxr-xr-x) |
Common umask Values
In most systems, the default umask value is 0022 or 0002. The leading 0 corresponds to special permissions (sticky bit, SGID, SUID) and is typically set to 0.
Meaning of Common umask Values
umask 022: Files are created with644(rw-r--r--), and directories with755(rwxr-xr-x) permissions. This is the most common setting, granting all permissions to the owner, and read and execute permissions to the group and others.umask 002: Files are created with664(rw-rw-r--), and directories with775(rwxrwxr-x) permissions. This allows write permission for group users, facilitating collaboration within the same group.umask 077: Files are created with600(rw-------), and directories with700(rwx------) permissions. This is a very strict permission setting, preventing anyone other than the owner from accessing it. Suitable for personal files or directories where security is crucial.
Main umask Command Options
`umask` command is used to check the current value or set a new value. When used without options, it displays the current `umask` value.
1. Check and Set umask Value
Generated command:
Try combining the commands.
Description:
`umask` Executes the command.
Combine the above options to virtually execute commands with AI.
Usage Examples
Learn how to check and set the default permissions for newly created files and directories through various examples of the `umask` command.
Check Current umask Value
umaskCheck the `umask` value of the current shell session in octal (e.g., `0022`).
Check umask Value in Symbolic Mode
umask -SCheck the `umask` value in the form of final allowed permissions like 'u=rwx,g=rx,o=rx' instead of octal.
Set umask Value to 002
umask 002Change `umask` so that newly created files have `664`(rw-rw-r--) and directories have `775`(rwxrwxr-x) permissions. (Allowing write permission for users in the same group)
Set Strict umask Value to 077
umask 077Change `umask` so that newly created files have `600`(rw-------) and directories have `700`(rwx------) permissions. No access is allowed for anyone other than the owner.
Check Permissions After Changing umask for File/Directory Creation
umask 002
touch test_file_002.txt
mkdir test_dir_002
ls -l test_file_002.txt test_dir_002After setting `umask` to `002`, create new files and directories to check if the changed permissions are applied using `ls -l`.