Umask Command in Linux
Introduction
All new files on Linux and Unix operating systems are created with default permissions. The umask utility displays or changes the file mode creation mask, which controls the permission bits for newly created files and directories.
Commands such as mkdir, touch, and tee use it when they create new files and directories.
In this tutorial, you will learn how the umask command works in Linux. We will also address a few FAQs on the umask command.
Linux Permissions
Before we go any further, let's take a quick look at the Linux permissions paradigm.
Each file in Linux is allocated an owner and a group, as well as access permissions for three classes of users:
- The owner of the file.
- Members of the group.
- Everyone else.
Each class has three different sorts of permissions:
- The read permission.
- The write permission.
- The execute permission.
This notion allows you to designate which users have permission to read, write, or execute the file.
Use the ls command to see the file permissions:
ls -l dirname
Output
drwxr-xr-x 12 linuxize users 4.0K Apr 8 20:51 dirname
|[-][-][-]    [------] [---]
| |  |  |        |       |
| |  |  |        |       +-----------> Group
| |  |  |        +-------------------> Owner
| |  |  +----------------------------> Others Permissions
| |  +-------------------------------> Group Permissions
| +----------------------------------> Owner Permissions
+------------------------------------> File Type
The file type is indicated by the first character, which can be a standard file (-), a directory (d), a symbolic link (l), or any other special type of file.
The permissions are represented by the next nine characters, which are divided into three groups of three characters each. The first set displays owner permissions, the second group permissions, and the third set displays permissions for everyone else.
Read is represented by the character r with an octal value of 4, write is represented by the character w with an octal value of 2, execute permission is represented by the character x with an octal value of 1, and no permission is represented by the character - with an octal value of 0.
Setuid, setgid, and Sticky Bit are three further sorts of special file permissions.
In the example above, rwxr-xr-x indicates that the owner has read, write, and execute permissions (rwx), while the group and others have read and execute permissions (r-x).
If we use numeric notation to describe the file permissions, we get the number 755:
- Owner: rwx = 4+2+1 = 7
- Group: r-x = 4+0+1 = 5
- Other: r-x = 4+0+1 = 5
Permissions can have three or four octal digits when written in numeric notation (0-7). Special permissions are represented by the first digit, and if it is omitted, the file has no special permissions. 755 is the same as 0755 in our case. The first digit can be any number between 4 and 1, with 4 being setuid, 2 being setgid, and 1 being Sticky Bit.
The chmod command can be used to adjust file permissions and the chown command can be used to change ownership.
Understanding umask
The default creation permissions on Linux systems are 666 for files, which gives user, group, and others read and write permission, and 777 for directories, which gives user, group, and others read, write, and execute permission. A file with execute rights cannot be created under Linux.
The umask utility can be used to change the default creation permissions.
Only the current shell environment is affected by umask. The default system-wide umask value is configured in the pam_umask.so or /etc/profile file on most Linux distributions.
Edit the user's shell configuration files, such as ~/.bashrc or ~/.zshrc, if you want to specify a different value per user. umask followed by the required value can also be used to modify the current session umask value.
Simply type umask without any parameters to see the current mask value:
umask
The output will include:
Output
022
The permission bits that will not be set on newly created files and directories are contained in the umask value.
As previously stated, the default creation permissions for files and directories are 666 and 777, respectively. Subtract the umask value from the default value to get the permission bits for the new files.
Use the following formula to determine how umask 022 will affect newly created files and directories:
- Files: 666 - 022 = 644. The owner can read and modify the files. The group and others can only read the files.
- Directories: 777 - 022 = 755. The owner can cd into the directory and list, read, modify, create, and remove files in it. The group and others can cd into the directory and list and read the files.
You can also use the -S option to display the mask value in symbolic notation:
umask -S
Output
u=rwx,g=rx,o=rx
The symbolic notation value, unlike the numeric notation, includes the permission bits that will be set on newly created files and folders.
Setting the Mask Value
The octal or symbolic notation can be used to set the file creation mask. To make the changes permanent, set the new umask value in a global configuration file like /etc/profile, which affects all users, or in a user's shell configuration files like ~/.profile, ~/.bashrc, or ~/.zshrc, which affect only that user. The user files take precedence over the global files.
Before changing the umask value, double-check that the new value does not represent a security concern. With values less restrictive than 022, extreme caution should be exercised. With umask 002, for example, anyone has read, write, and execute permissions on all newly created files.
Let's imagine we want to give the newly created files and directories more restrictive permissions so that others can't cd to them or read their contents. We need 750 permissions for directories and 640 permissions for files.
Simply subtract the needed permissions from the default one to get the umask value:
Umask value: 777-750 = 027
The numeric representation of the requested umask value is 027.
Open the /etc/profile file using your text editor to change the value system-wide:
sudo nano /etc/profile
and at the top of the file, edit or add the following line:
umask 027
Run the following source command or log out and back in to see the changes:
source /etc/profile
To test the updated settings, we'll use mkdir to create a new directory and touch to create a new file:
mkdir newdir
touch newfile
Using the ls command, you can see that the new file has 640 permissions and the new directory has 750 permissions, which is exactly what we wanted:
drwxr-x--- 2 linuxize users 4096 Jul 4 18:14 newdir
-rw-r----- 1 linuxize users 0 Jul 4 18:14 newfile
Symbolic notation is another approach to set the file creation mask. umask u=rwx,g=rx,o=, for example, is the same as umask 027.
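One way to check configuration files for masks less restrictive than 022, as an added example that is not part of the original tutorial. The function names and the sample profile text are constructed for illustration, and only octal umask lines are examined.

```shell
#!/bin/sh
# Added example: flag umask settings that are less restrictive than a baseline.

# mask_weaker_than MASK BASELINE -> succeeds if MASK leaves set at least one
# permission bit that BASELINE would clear.
mask_weaker_than() {
    [ $(( 0$2 & ~0$1 & 0777 )) -ne 0 ]
}

# audit_umask_lines BASELINE -> reads shell configuration text on stdin and
# prints "LINE_NUMBER MASK" for every octal umask line weaker than BASELINE.
# Commented-out lines and symbolic masks (u=rwx,...) are skipped.
audit_umask_lines() {
    baseline=$1
    n=0
    while IFS= read -r line; do
        n=$((n + 1))
        mask=$(printf '%s\n' "$line" |
            sed -n 's/^[[:space:]]*umask[[:space:]][[:space:]]*\([0-7][0-7]*\).*$/\1/p')
        [ -n "$mask" ] || continue
        if mask_weaker_than "$mask" "$baseline"; then
            printf '%s %s\n' "$n" "$mask"
        fi
    done
}

# Constructed sample standing in for a file such as /etc/profile.
sample_profile() {
    cat <<'EOF'
# constructed sample profile
umask 027
export PATH=/usr/local/bin:$PATH
  umask 002   # relaxed for a shared project
# umask 000
umask 0077
EOF
}

# Reports line 4 (umask 002): it leaves the group write bit that 022 clears.
sample_profile | audit_umask_lines 022
```

To audit a real file, feed it on stdin, for example: audit_umask_lines 022 < /etc/profile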
FAQs on Umask Command in Linux
How does the umask value affect file permissions?
The umask value is subtracted from the default permissions to determine the actual permissions of the newly created files and directories. It works as a mask that removes specific permission bits.
What is the default umask value in Linux?
The default umask value in Linux is usually set to 022, which results in read (r), write (w), and execute (x) permissions for the owner, and read and execute permissions for group and others.
How do I check the current umask value?
To check the current umask value, you can simply type "umask" into the terminal without any arguments. It will display the current umask value.
How can I set a specific umask value?
To set a specific umask value, use the command "umask" followed by the desired value. For example, "umask 027" sets the umask value to 027.
Can I specify symbolic permissions with the umask command?
No, the umask command only accepts octal values. The symbolic notation is not supported.
How can I make the umask value persistent across sessions?
To make the umask value persistent across sessions, you can add the umask command with the desired value to the appropriate shell configuration file (e.g., ~/.bashrc or ~/.profile).
Does the umask value affect existing files and directories?
No, the umask value only affects newly created files and directories. It does not change the permissions of existing files or directories.
Conclusion
We've covered Linux permissions and how to use the umask command to set permission bits for newly created files and directories in this guide.
In your terminal, type man umask for more details.