Access Permissions   «Prev  Next»
Lesson 6Setting default permissions with umask
Objective Use the umask Command to set Default Permissions when a new File is created.

Use the umask Command to set Default Permissions

Creating new File

When a new file is created, its permissions are determined by a value called the umask.
The umask is a three-digit octal number (like a numeric permission number). Its value is subtracted from the value 777 (for directories) or 666 (for files). Thus, a umask value of 022 yields new files with mode 644, and a umask value of 077 yields new files with mode 600 and directories with mode 700.
Notice that no negative numbers are used.
The umask may be viewed and set with the umask command:

$ umask
$ umask 066
$ umask

umask command

The most common place for a umask command is in a system-wide login initialization file or in a user initialization file such as $HOME/.profile. We will return to this point when we discuss new user accounts.

umask is a command that determines the settings of a mask that controls which file permissions are set for files and directories when they are created. It also refers to a function that sets the mask, and to the mask itself, which is formally known as the file mode creation mask.
In UNIX, each file and directory has sets of attributes which control who is permitted acces by means of modes.
When a file or directory is created, the permissions to be set are specified. The mask restricts which permissions are allowed.
  1. If the mask bit is set to "1", the corresponding permission will be disabled.
  2. For a bit set to "0", the corresponding permission will be determined by the program and the system.
In other words, the mask acts as a last-stage filter that strips away permissions as a file or directory is created where the bit that is set to a "1". Since the permissions are categorized by owner, group and other "the mask" helps with defaulting access. The modes can be changed using chmod.
Each program (technically called a process) has its own mask, which is applied whenever that process creates a new file. Each process is able to change the settings of its own mask using a function call. When the process is a shell, the mask is set with the umask command. When a shell, or any other process, launches a new process, the child process inherits the mask from its parent process. The mask does not work retroactively, that is, changes made to the mask only affect new files created after the changes are made. Generally, the mask only affects file permissions during the creation of new files and has no effect when file permissions are changed in existing files, however, in some specific cases it can help determine permissions when file permissions are changed in existing files using the chmod command.