Linux What is umask (user mask) for file and directory creation permissions and how to calculate umask and change the defaults

umask are the default permissions that are applied when a file or directory are created.  To see this in action simply just "touch filename" or "mkdir somedir" and you'll see what default permissions are applied.

The first thing I always tell people you should know is to NEVER change the defaults unless you are making them more restrictive.  But they work well and if you change the defaults you could end up creating a file without permission to read or write it which could break some scripts.  If you made things less restrictive it is a security issue in my opinion.

It is said umask is the reverse or opposite of standard permissions but before we explain how to calculate them let's see what happens with the default umask settings.

As we can see the defaults as with most Unix systems are 022:

[root@evohostingtor2017 umasktest]# umask

Knowing this let's check the default creation permissions of a file and directory below:

[root@evohostingtor2017 umasktest]# mkdir umaskdir
[root@evohostingtor2017 umasktest]# touch umaskfile


[root@evohostingtor2017 umasktest]# ls -alh

drwxr-xr-x 3 root root 4.0K Oct 31 18:55 .
drwxrwxrwt 5 root root 4.0K Oct 31 18:55 ..
drwxr-xr-x 2 root root 4.0K Oct 31 18:54 umaskdir
-rw-r--r-- 1 root root    0 Oct 31 18:55 umaskfile

The results are the following:

Directory permissions = 755

File permissions = 644

Why Doesn't Umask 0 or other modes with execute result in an executable file permission?

Let's go back to the answer above and now explain how umask is calculated and files and directories.

umask is about restricting permissions, in essence this means there are maximum permissions you can subtract from (not add to).   What umask is doing is subtracting the values from the maximum possible permissions (more on that below).

umask like normal permissions still uses octal values:

0=read, write, execute
1=read, write
2=read, execute
4=write, execute
7=no permissions

How do we calculate umask values?

The values are calculated different for files vs directories.

Directories: Maximum possible permissions are 777 (read, write, execute)

Files: Maximum possible permissions are 666 (read, write)

*Note execute is NOT possible to set during file creation.

How We Calculate umask

Let's take our default of 022.

Directories: ( 777 - 022 ) = 755

Files: (777 - 022) = 644 (we always drop any 1's/execute bits because files cannot have execute permissions upon creation due to POSIX restrictions).

More calculations (033):

Directories: (777-033) = 744

Files: (777-033) = 644 (oops remember to drop the 1 from the 7)


Directories: (777-026) = 751

Files: (777-026) = 640

Basically all we do is take the last 3 numbers and subtract them from the maximum possible permissions (aside from files where we drop a 1 for execute since it is not possible ).

 Useful Quiz Here:

What about the leading 0 (something that I don't like to talk about and recommend almost never be used)

It can have a maximum value of 7 like the rest of umask.

SETUID=4 (allows the file to be executed as the owner even when another user or group accesses it)

SETGID=2 (allows the file to be executed as the group even when another user or group accesses it)

uid or gid being set represents itself as a small "s" and if you see it with a capital "S" it means it takes no effect (this means the user or group does not have execute permissions).

Sticky Bit=1  (makes it so only the owner can delete or move it).

sticky bit is represented by a small "t" if it takes effect where other has execute permissions (otherwise it takes no effect and will show as a capital "T").



linux, umask, user, directory, creation, permissions, calculate, defaultsthe, defaults, restrictive, creating, scripts, default, settings, unix, evohostingtor, umasktest, mkdir, umaskdir, umaskfile, ls, alh, drwxr, xr, oct, drwxrwxrwt, rw, doesn, modes, execute, executable, calculated, directories, restricting, essence, maximum, subtract, subtracting, octal, vs,

Latest Articles

  • virt-resize: error: libguestfs error: could not create appliance through libvirt.
  • Asterisk Does Not Retry When Authentication Fails
  • Linux Debian Ubuntu How To Install PEPPER Faster and Latest Adobe Flash Player in Firefox
  • How To Speed Up Linux Ubuntu and Debian Based Computers By Improving CPU Performance and Changing the CPU Governor
  • Convert data or file to base64 on a single line
  • Linux Mint Ubuntu Debian radeon slow 2D performance issues radeon_dp_aux_transfer_native: 158 callbacks suppressed
  • mdadm: super0.90 cannot open /dev/sdb1: Device or resource busy mdadm: /dev/sdb1 is not suitable for this array.
  • How To Install NextCloud on Centos 7 and Centos 8
  • AH01630: client denied by server configuration:
  • ERROR: Could not find a version that satisfies the requirement PIL (from versions: none) ERROR: No matching distribution found for PIL
  • ZTE Camera Cannot Work unable to connect to camera. Camera has been disabled becaue of security policies or is being used by other apps
  • QEMU KVM how to boot off a physical CD/DVD/BDROM Drive
  • How To Install OpenProject on Centos 7 Step-by-Step Guide
  • Ubuntu Debian Linux Cannot Install Wine Solution - wine1.6 : Depends: wine1.6-i386 (= 1:1.6.2-0ubuntu14.2) but it is not installable wine1.4 : Depends: wine1.6 but it is not going to be installed
  • How To Install python 3.4 3.5 and up on Linux with wine - Working Solution
  • using Xvfb on virtual remote ssh server to have X graphical programs work
  • ssh Received disconnect from port 22:2: Too many authentication failures
  • named bind errors - DNSKEY: unable to find a DNSKEY which verifies the DNSKEY RRset and also matches a trusted key for '.'
  • OpenVZ vs LXC DIR mode poor security in LXC
  • httpd: Syntax error on line 221 of /etc/httpd/conf/httpd.conf: Syntax error on line 6 of /etc/httpd/conf.d/php.conf: Cannot load modules/ into server: /lib64/ symbol __h_errno, version GLIBC_PRIVATE not defined in file libc.s