umask is a command that determines the settings of a mask that controls which file permissions are set for files and directories when they are created.
When a user creates a file or a directory under Linux, a set of default permissions is applied to it. These pre-defined permissions are assigned as per the value of the default umask.
Before going ahead, let me brief you on the permission values in Linux. Permissions in Linux can be set using two methods, i.e.
- Octal
- Symbolic
Octal method
Using this method, permissions are assigned to files and directories on a scale of 0 to 7 as per the table below
Octal Values | Permission |
0 | no permissions |
1 | execute only |
2 | write only |
3 | write and execute |
4 | read only |
5 | read and execute |
6 | read and write |
7 | read, write and execute |
If the umask command is invoked without any arguments, it will display the current mask. The output will be in either octal or symbolic notation depending on the operating system used.
[root@test ~]# umask
0022
The 4 digits represent the following
0 - Special permission (Sticky Bit, SUID or SGID)
0 - User Owner Permission
2 - Group Owner Permission
2 - Other User's Permission
Calculation
Follow the below table for default umask value applied on directories
 | Special Permission | User Owner | Group Owner | All Others |
Full Permission | NA | 7 | 7 | 7 |
Umask | 0 | 0 | 2 | 2 |
Directory Permission | 0 | 7 | 5 | 5 |
The below table is for default umask value applied on all the files
 | Special Permission | User Owner | Group Owner | All Others |
Full Permission | NA | 6 | 6 | 6 |
Umask | 0 | 0 | 2 | 2 |
File Permission | 0 | 6 | 4 | 4 |
How to change umask value using octal method?
Let me explain this with a few examples
Q: I want all the directories to be created with default permission as 755 and all files with 644, i.e. the user has full permission, and group and all others have read and execute permission
A: Use the umask value as 0022
Calculation
0777 - 0022 = 0755 (directories)
0666 - 0022 = 0644 (files)
Run the below command on the terminal
# umask 0022
Q: I want all the directories to be created with default permission as 733 and all files with 622, i.e. the user has full permission, and group and all others have write and execute permission
A: Use the umask value as 0044
Calculation
0777 - 0044 = 0733 (directories)
0666 - 0044 = 0622 (files)
Run the below command on the terminal
# umask 0044
Q: I want all the directories to be created with default permission as 700 and all files with 600, i.e. the user has full permission, and group and all others have no permission
A: Use the umask value as 0077
Calculation
0777 - 0077 = 0700 (directories)
0666 - 0066 = 0600 (files; new files never request execute permission, so the execute bits in 0077 have nothing to clear)
Run the below command on the terminal
# umask 0077
NOTE: If fewer than 4 digits are entered, leading zeros are assumed. An error will result if the argument is not a valid octal number or if it has more than 4 digits.
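The calculations above, checked against files and directories that are actually created, as an added example that is not part of the original article. It goes one step beyond the subtraction shown: the mask is applied bitwise (requested mode AND NOT umask), and the function names, the use of GNU stat and the extra mask 0033 are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the original article).
# The umask bits are cleared from the requested mode:
#   result = requested & ~umask
# Subtraction gives the same answer only when every umask bit is also set in
# the requested mode, which is why 0666 - 0077 does not work for files.

# predicted_mode REQUESTED UMASK -> four-digit octal result of the bitwise rule
predicted_mode() {
    printf '%04o\n' $(( 0$1 & ~0$2 ))
}

# naive_subtraction REQUESTED UMASK -> what plain octal subtraction would claim
naive_subtraction() {
    printf '%04o\n' $(( 0$1 - 0$2 ))
}

# observed_modes UMASK -> "FILE DIR": modes of a file and a directory really
# created under that umask in a scratch directory (GNU stat assumed).
# The body runs in a subshell, so the caller's umask is not changed.
observed_modes() (
    d=$(mktemp -d) || exit 1
    umask "$1"
    : > "$d/file"      # shell redirection requests 0666
    mkdir "$d/dir"     # mkdir requests 0777
    printf '%04o %04o\n' "0$(stat -c %a "$d/file")" "0$(stat -c %a "$d/dir")"
    rm -rf "$d"
)

# 0022, 0044 and 0077 are the article's values; 0033 is a constructed case
# where subtraction and the real rule disagree for files.
printf '%-6s %-6s %-6s %-11s %s\n' umask file dir observed 'file by subtraction'
for m in 0022 0044 0077 0033; do
    printf '%-6s %-6s %-6s %-11s %s\n' "$m" \
        "$(predicted_mode 666 "$m")" "$(predicted_mode 777 "$m")" \
        "$(observed_modes "$m")" "$(naive_subtraction 666 "$m")"
done
```

For 0022 and 0044 the last column agrees with the file column; for 0077 and 0033 it does not, while the observed column always matches the bitwise prediction.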
Symbolic method
In this mode, the permissions are assigned using letters as shown in the below table
Symbolic Values | Permission | Explanation |
r | read | read a file or list a directory's contents |
w | write | write to (or delete) a file or directory |
x | execute | execute a file or recurse a directory tree |
s | setuid/gid | |
t | Sticky bit | See Sticky Bit for details. |
# umask -S
u=rwx,g=rx,o=rx
The permissions of a file are applied to three different classes of users: the user (the file's owner), the group, and others.
Letter | Class | Description |
u | user | the owner of the file |
g | group | users who are members of the file's group |
o | others | users who are not the owner of the file or members of the group |
a | all | all three of the above, it is the same as ugo. (This is the default if no class is specified in the umask command.) |
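How a symbolic specification maps onto the octal mask, as an added example that is not part of the original article. The three specifications are the ones this section uses; the helper names mask_after and allowed_after and the starting masks 0000 and 0077 are assumptions chosen for the illustration.

```shell
#!/bin/sh
# Added example (not from the original article).
# A symbolic spec names the permissions that are ALLOWED; the shell stores the
# complement as the octal mask. Classes and bits that the spec does not
# mention keep whatever the current mask already says.

# mask_after START SPEC -> octal mask after applying SPEC on top of START.
# The body runs in a subshell, so the caller's own umask is never modified.
mask_after() (
    umask "$1"
    umask "$2"
    printf '%04o\n' "0$(umask)"
)

# allowed_after START SPEC -> the same result in `umask -S` notation
allowed_after() (
    umask "$1"
    umask "$2"
    umask -S
)

# Starting masks are constructed: 0000 (nothing masked) and 0077 (owner only).
for start in 0000 0077; do
    for spec in a+rx u=rw,go= u+w,go-w; do
        printf 'start=%s  umask %-9s -> %s  (%s)\n' "$start" "$spec" \
            "$(mask_after "$start" "$spec")" "$(allowed_after "$start" "$spec")"
    done
done
```

Starting from 0077, `a+rx` relaxes the mask to 0022, while `u+w,go-w` leaves it at 0077 because those bits were already in the requested state.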
How to change umask value using symbolic method?
Let me explain this with a few examples
# umask a+rx
The above command allows read or execute permission to be enabled for all user classes; the rest of the mask bits are unchanged
# umask u=rw,go=
The above command allows read and write permission to be enabled for the owner, while preventing execute permission from being enabled for the owner; it prevents enabling any permissions for the group and others
# umask u+w,go-w
The above command allows write permission to be enabled for the owner; it prevents write permission from being enabled for group and others
How to set the umask value permanently?
The above methods used to set the umask value are all temporary and terminal based. As soon as you switch your terminal the umask value will go back to the default one as set inside /etc/profile.
You can change your default umask value by making changes to the below files
# vi /etc/profile
# By default, we want umask to get set. This sets it for login shell
# Current threshold for system reserved uid/gids is 200
# You could check uidgid reservation validity in
# /usr/share/doc/setup-*/uidgid file
if [ $UID -gt 199 ] && [ "`id -gn`" = "`id -un`" ]; then
    umask 022
else
    umask 022
fi
As you can see, the default umask value is 0022 in both branches, i.e. for uid/gid both above and below the threshold of 200. In case you want to change it, change both the values as shown below
if [ $UID -gt 199 ] && [ "`id -gn`" = "`id -un`" ]; then
    umask 077
else
    umask 077
fi
Save and exit the file
The next time you log in to a terminal or a different session, the new umask value will be applied, which you can verify using the below command
# umask
0077
You can also set the command inside your ~/.bash_profile or ~/.bashrc file so that every time your machine boots or you open a new terminal the new umask value is updated.
To understand the difference between .bashrc and .bash_profile follow the below link
Difference between .bashrc and .bash_profile
NOTE: These two files will only be executed if you log in to a bash shell. For different shells there are different files which are executed every time you log in.