Learn everything about umask value. What is umask value? What is the best default umask? How to set it up in Linux and Unix? & How to calculate umask?
One of the basic topics in learning Linux or Unix is umask value. UMASK is a user file/directory permission mask value and is 4 digits octal value! Whenever a user creates a file or directory kernel grants it some by default permissions. Those are base permissions. For file, it’s 666 (i.e. rw-rw-rw) means read, write to all (owner, group, others), and for directory its 777 (i.e. rwxrwxrwx) means read, write, execute to all.
Here user mask plays its role. The user permission mask is the octal value that is used to determine file/directory permission when they are created by the user. Umask value subtracted bitwise from base permissions and final permission is determined for newly created files and directories.
How to calculate umask?
For example, if umask value is 0022 then newly created files will have permission 0666-0022=0644 (i.e. rw-r–r–) means read to all and write to the owner only. There are plenty of combinations can be used depending on your requirement. You can refer below calculation table for determining your expected umask value:
|umask value (Bit from left to right)||For whom||File base permission||Directory base permission|
So, you need to decide which final permission you want on newly created file and directories. Once that is finalized you can have reverse calculation with 666 & 777 and decide your umask value.
Read also : What is ulimit value?
What is best default umask?
Below are few standard best default umask values which can be used :
|umask value||Final File permission||Final directory permission||Useful for|
|022||644||755||Normal user. Others have read access only|
|002||664||775||Group usage. Only group members has access|
|077||600||700||Complete privacy. No other user can access your data|
How to setup umask in Linux/Unix?
umask value can be set up using simple command umask followed by its value. But, this value will be set only for that current active shell session.
# umask 022 # touch testfile # ll total 0 -rw-r--r--. 1 root root 0 Feb 1 01:03 testfile # umask 077 # touch testfile1 # ll total 0 -rw-------. 1 root root 0 Feb 1 01:04 testfile1
Observe in the above output that file permissions defer when we set different umask values.
To set this up permanently, define this command in the login profiles of users.
/etc/profile value can be overridden by the user’s own profile which executes after that. For all systemwide users define it
/etc/bashrc file. For user-specific values, define them in
~/.profile (Korn / Bourne shell)
~/.cshrc file (C shells),
~/.bash_profile (Bash shell) these shell specific profiles in their home directories.
You need to open a specific profile with vi editors and append
umask <value> line at the end.
Setup umask with permission
If you are not good at remembering numbers and want to avoid octal notation, then you can define umask with permission letters too. Syntex will be as below :
# umask u=rwx,g=,o= # ll total 0 -rw-------. 1 root root 0 Feb 1 01:12 testfile3
Here, we set umask with defining permissions at the user, group, and owner level (500). Notice that there is no space in between but permissions are separated by commas.