Linux operating system automatically assigns default file permissions when you create a new file or a directory. The umask or user file mode creation mask can be used to define and assign these default permissions for every user.
In this tutorial, we will learn about the umask command and how to use it to define default file permissions.
What is umask and how does it Work
The term mask defines permission grouping, which controls how permissions are set for newly created files and directories. The umask command is used to assign default permissions to files and directories.
The term umask means either of the following things:
- A user-defined file creation mask. A file creation mask can be used to choose how to control permissions. This mask relates to the default system permissions and updates them. The umask command applies this mask.
- The umask command that sets the default umask value either in octal format or symbolic format.
The umask command defines default system file and directory permissions, which are divided into three categories:
- User: Defines owner permissions. The user who creates the file or folder is the default owner.
- Group: Defines group permissions for a Linux group that share the same permissions for a file or directory.
- Other: Defines permissions for anyone who is not the owner and is not part of the group. When these permissions are set, anyone can access the files and folders. We generally call them world-readable files and directories.
The following figure explains how the umask and permissions work:
1. User permissions - The user has read and write permissions on the file.
2. Group permissions - Group has read and write permissions on the file.
3. Other permissions - Others have only read permissions on the file.
4. Hard links - 1 hard link is created for this file.
5. Owner user name - Name of the owner user.
6. Owner group - Name of the owner group.
7. Size - Total size of the file in bytes.
8. Date/time last modified - Last modified date and time of the file.
9. File/directory name - Name of the file.
Every bit in the umask corresponds to an octal umask value. For example, rw-rw-r has the following values:
- Owner: rw- = 4+2+0=6
- Group: rw- = 4+2+0=6
- Other: r-- = 4+0+0=4
RWX in the mask means the ability to read, write, and execute. The execute permission does not apply to the files.
Difference between umask and chmod
The umask command and chmod commands are both used to set permissions in Linux, but they are inherently different from each other.
The umask command changes the default permissions and thus the permissions set using this command are automatically applied to all the newly created files and directories.
The chmod command changes permissions for the existing files and folders. For example, if you assign ownership of the file named services to user tom and group adm, then the change will be limited to services file only. It will not affect any other file on your system.
The umask command affects permissions for the entire system, whereas the chmod command affects permissions of only the specified files.
umask Command
The umask command is used to set the default umask value for files and folders in your Linux computer. All the newly created files and directories on your system will use the permissions defined by the umask command.
Use the umask command without any options to check the current mask:
umask
0002 means that the first digit 0 is known as a sticky bit, which is a special security feature. Next three digits denote the octal umask value of the file or directory umask.
Umask Command Syntax
The basic syntax of the umask command:
umask [-p] [-S] [mask]
Umask Options
You can use the following options with umask:
| Options | Description |
|---|---|
mask | Represents the new mask you are applying in an octal format. |
-p | Displays the current mask with the umask command. You can copy it for future reference. |
-S | Displays symbolic umask value of the current mask. |
Umask Value
The umask value is represented in both symbolic and numeric formats.
The symbolic format is represented in the rwx (read-write-execute) format. The leftmost character is for read permissions, the middle character is for write permission, and the rightmost character is for execute permission. For example, if symbolic umask is set to r-- for the owner, then the owner will have only the read permissions on the particular file or directory.
The octal mode umask values are described in the following table:
| Permission | Octal Value | Binary Value | Description |
|---|---|---|---|
| - | 0 | 000 | No permission |
| -x | 1 | 001 | Only execute permissions |
| -w- | 2 | 010 | Only write permission |
| -wx | 3 | 011 | Write and execute permissions |
| r- | 4 | 100 | Only read permissions |
| r-x | 5 | 101 | Read and execute permissions |
| rw- | 6 | 110 | Read and write permissions |
| rwx | 7 | 111 | All permissions- read, write, and execute |
Umask Value for Files and Directories
Before changing the umask value on your system, you must understand its impact on the default file and folder permissions.
The default system permissions for files is 666 (rw-rw-rw-) and for directories is 777 (rwxrwxrwx).
The default mask value is 002. It changes folder permissions to 777-002 = 775 (rwxrwxr-x) and file permissions to 666-002 = 664 (rw-rw-r--).
The final umask value results by subtracting the default mask value from the default system values (777 and 666).
Setting the Umask Values
To set folder permissions for owner, group, and others to read, then we need to set umask to 333:
umask 0333
You can also use symbolic values to set umask:
umask u=rwx,g=rwx,o=r
Where:
u sets permission for the user/owner.
g sets permission for the group.
o sets permissions for others.
The command only sets the specified file permissions. For example, for others we want to assign only read permissions, so we specify a symbolic value of only read (r).
Conclusion
In this tutorial, we learned about umask command and how to use it. You must be very careful while setting the umask value because it affects the security of your entire system.
Comments