Overview of umask
The operating system assigns default permissions when creating new files or directories. The `umask` value is 'excluded' from these default permissions to determine the final permissions. `umask` is important from a security perspective, as it can prevent critical configuration files from being created with overly permissive permissions. The `umask` value can be set differently for each user session and is usually configured in shell initialization files like `.bashrc` or `.profile`.
How umask Works
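`umask` is a mask value that specifies **the permissions to 'exclude', not the permissions to allow**. In other words, the final permissions are calculated by removing the permission bits set in the `umask` value from the maximum default permissions. This is a bitwise mask; for common values such as `022` it gives the same result as subtracting digit by digit.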
Maximum Default Permissions
- File: `666` (read and write, no execute permission)
- Directory: `777` (includes read, write, and execute permissions)
How to Calculate umask
`umask` is represented as a 3-digit octal number (e.g., `022`, `002`). This value is applied in the order of owner (User), group (Group), and others (Others). Each digit represents the sum of permission bits (read=4, write=2, execute=1). The final permissions are calculated as follows:
| Type | Maximum Default Permissions | umask | Final Permissions |
|---|---|---|---|
| File | 666 (rw-rw-rw-) | 022 (----w--w-) | 644 (rw-r--r--) |
| Directory | 777 (rwxrwxrwx) | 022 (----w--w-) | 755 (rwxr-xr-x) |
Common umask Values
In most systems, the default `umask` value is `0022` or `0002`. The leading `0` corresponds to special permissions (sticky bit, SGID, SUID) and is typically set to `0`.
Meaning of Common umask Values
- `umask 022`: Files are created with `644`(rw-r--r--), and directories with `755`(rwxr-xr-x) permissions. This is the most common setting, granting all permissions to the owner, and read and execute permissions to the group and others.
- `umask 002`: Files are created with `664`(rw-rw-r--), and directories with `775`(rwxrwxr-x) permissions. This allows write permission for group users, facilitating collaboration within the same group.
- `umask 077`: Files are created with `600`(rw-------), and directories with `700`(rwx------) permissions. This is a very strict permission setting, preventing anyone other than the owner from accessing it. Suitable for personal files or directories where security is crucial.
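The calculation described above, as an added example that is not part of the original page: `umask` clears bits rather than subtracting digits, so `033` applied to a file yields `644`, not `633`. The helper names `effective_mode` and `observed_mode` are assumptions made for this illustration; the script compares the computed mode with what the system assigns to probe files in a temporary directory.

```bash
#!/bin/sh
# Added example: umask is a bit mask (base AND NOT umask), not subtraction.

# effective_mode BASE UMASK
# Hypothetical helper: prints the octal mode that results from clearing
# the umask bits in BASE (666 for files, 777 for directories).
effective_mode() {
    # A leading 0 makes the shell read the arguments as octal constants.
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# observed_mode KIND UMASK   (KIND is "file" or "dir")
# Hypothetical helper: creates a real probe under the given umask and prints
# the mode the system assigned. The body is a subshell, so the umask change
# and the variables never leak into the calling shell.
observed_mode() (
    tmp=$(mktemp -d) || exit 1
    umask "$2"
    if [ "$1" = dir ]; then
        mkdir "$tmp/probe"
    else
        : > "$tmp/probe"        # redirection requests mode 666
    fi
    # GNU stat first, BSD/macOS stat as the fallback.
    stat -c %a "$tmp/probe" 2>/dev/null || stat -f %Lp "$tmp/probe"
    rm -rf "$tmp"
)

# Compare prediction and reality for the common values plus 033, the case
# where digit-by-digit subtraction (666 - 033 = 633) gives the wrong answer.
for mask in 022 002 077 033; do
    printf 'umask %s  file: computed=%s observed=%s  dir: computed=%s observed=%s\n' \
        "$mask" \
        "$(effective_mode 666 "$mask")" "$(observed_mode file "$mask")" \
        "$(effective_mode 777 "$mask")" "$(observed_mode dir "$mask")"
done
```

A mismatch between the computed and observed columns usually means something other than `umask` is shaping the mode, for example a default ACL on the parent directory.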
Main umask Command Options
The `umask` command is used to check the current value or set a new value. When used without options, it displays the current `umask` value.
Usage Examples
Learn how to check and set the default permissions for newly created files and directories through various examples of the `umask` command.
Check Current umask Value
```bash
umask
```
Check the `umask` value of the current shell session in octal (e.g., `0022`).
Check umask Value in Symbolic Mode
```bash
umask -S
```
Check the `umask` value in the form of final allowed permissions like 'u=rwx,g=rx,o=rx' instead of octal.
Set umask Value to 002
```bash
umask 002
```
Change `umask` so that newly created files have `664`(rw-rw-r--) and directories have `775`(rwxrwxr-x) permissions. (Allowing write permission for users in the same group)
Set Strict umask Value to 077
```bash
umask 077
```
Change `umask` so that newly created files have `600`(rw-------) and directories have `700`(rwx------) permissions. No access is allowed for anyone other than the owner.
Check Permissions After Changing umask for File/Directory Creation
```bash
umask 002
touch test_file_002.txt
mkdir test_dir_002
ls -l test_file_002.txt test_dir_002
```
After setting `umask` to `002`, create a new file and a new directory, then use `ls -l` to confirm that the changed permissions were applied.