Umask Settings#The umask command is used to set and determine the default file creation permissions on the system. It is the octal complement of the desired file mode for the specific file type. Default permissions are:
- 777 - Executable files
- 666 - Text files
These defaults are set allowing all users to execute an executable file and not to execute a text file. The defaults allow all users can read and write the file.
The permission for the creation of new executable files is calculated by subtracting the umask value from the default permission value for the file type being created. An example for a text file is shown below with a umask value of 022:
666 Default Permission for text file -022 Minus the umask value ----- 644 Allowed PermissionsTherefore the umask value is an expression of the permissions the user, group and world will not have as a default with regard to reading, writing, or executing the file. The umask value here means the group the file belongs to and users other than the owner will not be able to write to the file. In this case, when a new text file is created it will have a file permission value of 644, which means the owner can read and write the file, but members of the group the file belongs to, and all others can only read the file. A long directory listing of a file with these permissions set is shown below.
-rw-r--r-- 1 root workgrp 14233 Apr 24 10:32 textfile.txtA example command to set the umask is:
umask 022The most common umask setting is 022. The /etc/profile script is where the umask command is usually set for all users.
Some Linux implementations have a user and group ID creation scheme where there is a group for each user and only that user belongs to that group. If you use this scheme consistently you only need to use 002 for your umask value with normal users.