Access Permissions
Lesson 6: Setting default permissions with umask
Objective: Use the umask command to set default permissions when a new file is created.

Use the umask Command to set Default Permissions

The umask command in Unix is a valuable tool for configuring the default permissions assigned to newly created files and directories. It uses a system of file mode creation masks to influence the permissions that are automatically assigned during the creation process. To use the umask command for setting default permissions when creating new files in Unix, follow the steps outlined below:
  1. Understand umask values: umask values are represented as three or four octal digits, corresponding to the permission bits for the owner, group, and others. The permission bits set in the umask are removed from the default permission value to determine the final permission set for a new file or directory; for the common values this gives the same result as octal subtraction. For example, a umask value of 022 results in a permission set of 755 for directories (777 - 022) and 644 for files (666 - 022).
  2. Check the current umask value: To view the current umask value, simply type umask in the terminal and press Enter. The system will display the active umask value, such as 0022.
  3. Calculate the desired umask value: Determine the default permissions you wish to apply to new files and directories. Then, calculate the umask value by subtracting the desired permission from the default permission value (777 for directories and 666 for files). For instance, if you want new files to have the permission set 664 (read and write access for owner and group, read-only for others), the umask value would be 002 (666 - 664).
  4. Set the umask value temporarily: To temporarily change the umask value for the current shell session, enter the umask command followed by the desired value, like this: umask 002. This change will only affect the current shell session and will be reset to the original value when the session is closed.
  5. Set the umask value permanently: To permanently change the default umask value for your user account, add the umask command with the desired value to your shell initialization file. For Bash users, this file is typically ~/.bashrc or ~/.bash_profile. Add the following line to the appropriate file: umask 002. Save the file, and then either restart the terminal or run source ~/.bashrc (or source ~/.bash_profile) to apply the changes.

By following these steps, you can effectively use the umask command to set default permissions for new files and directories created in a Unix system. Properly configuring default permissions helps maintain security, privacy, and data integrity by ensuring that files and directories are created with the appropriate access rights.
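The calculation in steps 1 and 3, checked against what the system actually creates, as an added example that is not part of the original lesson. The function names are made up for the example, and every file is created in a throwaway mktemp directory. It also covers a mask the steps do not use, 033, where bit masking and plain subtraction disagree.

```shell
#!/bin/sh
# Added example: predict the mode a umask yields, then confirm it on disk.

# base AND NOT mask: every bit set in the mask is cleared from the base mode.
mode_for() {          # $1 = requested mode (666 or 777), $2 = umask
    printf '%03o\n' "$(( 0$1 & ~0$2 ))"
}

# Step 3 in reverse: the bits of the base mode that the desired mode lacks
# are exactly the mask, so it is the same operation with the roles swapped.
umask_for() {         # $1 = base mode, $2 = desired mode
    mode_for "$1" "$2"
}

# Create a file or directory under the given umask and report its real mode.
created_mode() {      # $1 = umask, $2 = file | dir
    (
        tmp=$(mktemp -d) || exit 1
        umask "$1"                     # affects only this subshell
        if [ "$2" = dir ]; then mkdir "$tmp/new"; else : > "$tmp/new"; fi
        # GNU stat first, BSD/macOS stat as the fallback
        stat -c %a "$tmp/new" 2>/dev/null || stat -f %Lp "$tmp/new"
        rm -rf "$tmp"
    )
}

# 022, 002 and 077 agree with the lesson's figures; 033 does not match
# subtraction (666 - 033 = 633) because the files get 644.
for m in 022 002 077 033; do
    printf 'umask %s  file: predicted %s, observed %s  dir: predicted %s, observed %s\n' \
        "$m" "$(mode_for 666 "$m")" "$(created_mode "$m" file)" \
        "$(mode_for 777 "$m")" "$(created_mode "$m" dir)"
done
```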

Creating new File

When a new file is created, its permissions are determined by a value called the umask.
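The umask is a three-digit octal number (like a numeric permission number). Its bits are removed from the value 777 (for directories) or 666 (for files), which for typical masks works out the same as subtracting it. Thus, a umask value of 022 yields new files with mode 644, and a umask value of 077 yields new files with mode 600 and directories with mode 700.
Notice that no negative numbers are used: 666 with a umask of 077 gives 600, because a masked bit that is not present in the base value is simply ignored.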
The umask may be viewed and set with the umask command:
$ umask
022
$ umask 066
$ umask
066


umask command

The most common place for a umask command is in a system-wide login initialization file or in a user initialization file such as $HOME/.profile. We will return to this point when we discuss new user accounts. umask is a command that determines the settings of a mask that controls which file permissions are set for files and directories when they are created. It also refers to a function that sets the mask, and to the mask itself, which is formally known as the file mode creation mask.
In UNIX, each file and directory has sets of attributes, called modes, which control who is permitted access. When a file or directory is created, the permissions to be set are specified. The mask restricts which permissions are allowed.
  1. If the mask bit is set to "1", the corresponding permission will be disabled.
  2. For a bit set to "0", the corresponding permission will be determined by the program and the system.
In other words, the mask acts as a last-stage filter that strips away permissions as a file or directory is created: wherever a mask bit is set to "1", the corresponding permission is removed. Since the permissions are categorized by owner, group and other, the mask helps with defaulting access for each category. The modes can be changed using chmod.
Each program (technically called a process) has its own mask, which is applied whenever that process creates a new file. Each process is able to change the settings of its own mask using a function call. When the process is a shell, the mask is set with the umask command. When a shell, or any other process, launches a new process, the child process inherits the mask from its parent process. The mask does not work retroactively; that is, changes made to the mask only affect new files created after the changes are made. Generally, the mask only affects file permissions during the creation of new files and has no effect when file permissions are changed in existing files. However, in some specific cases it can help determine permissions when file permissions are changed in existing files using the chmod command.
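The inheritance rule and one chmod case of the kind described above, as an added example that is not part of the original lesson. POSIX chmod with a symbolic mode that names no user class (+r rather than a+r) leaves alone the bits set in the umask. The function names are made up for the example, and files live in a mktemp directory.

```shell
#!/bin/sh
# Added example: the mask is per process, inherited by children, and
# consulted by chmod only when the symbolic mode names no user class.

mode_of() { stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"; }

# Mask reported by a newly launched child after the parent sets its own.
child_umask() {                 # $1 = umask set in the parent subshell
    ( umask "$1"; sh -c 'umask' )
}

# Mask of the calling shell after a subshell changed its own copy:
# the change never travels back up to the parent.
parent_umask_after_child() {    # $1 = umask set inside the subshell
    ( umask "$1" )
    umask
}

# Mode of an existing mode-000 file after chmod runs under a given umask.
chmod_result() {                # $1 = umask, $2 = symbolic mode (+r, a+r, ...)
    (
        tmp=$(mktemp -d) || exit 1
        : > "$tmp/f"
        chmod 000 "$tmp/f"
        umask "$1"
        chmod "$2" "$tmp/f"     # "+r" honours the umask, "a+r" overrides it
        mode_of "$tmp/f"
        rm -rf "$tmp"
    )
}

printf 'child sees %s; parent still has %s\n' \
    "$(child_umask 027)" "$(parent_umask_after_child 027)"
printf 'umask 077: chmod +r gives %s, chmod a+r gives %s\n' \
    "$(chmod_result 077 +r)" "$(chmod_result 077 a+r)"
```

A script that must keep a file private should therefore use an explicit class or a numeric mode rather than depend on the caller's umask.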
