Linux What is umask (user mask) for file and directory creation permissions and how to calculate umask and change the defaults

umask are the default permissions that are applied when a file or directory are created.  To see this in action simply just "touch filename" or "mkdir somedir" and you'll see what default permissions are applied.

The first thing I always tell people you should know is to NEVER change the defaults unless you are making them more restrictive.  But they work well and if you change the defaults you could end up creating a file without permission to read or write it which could break some scripts.  If you made things less restrictive it is a security issue in my opinion.

It is said umask is the reverse or opposite of standard permissions but before we explain how to calculate them let's see what happens with the default umask settings.

As we can see the defaults as with most Unix systems are 022:

[root@evohostingtor2017 umasktest]# umask
0022

Knowing this let's check the default creation permissions of a file and directory below:

[root@evohostingtor2017 umasktest]# mkdir umaskdir
[root@evohostingtor2017 umasktest]# touch umaskfile

 

[root@evohostingtor2017 umasktest]# ls -alh
 


drwxr-xr-x 3 root root 4.0K Oct 31 18:55 .
drwxrwxrwt 5 root root 4.0K Oct 31 18:55 ..
drwxr-xr-x 2 root root 4.0K Oct 31 18:54 umaskdir
-rw-r--r-- 1 root root    0 Oct 31 18:55 umaskfile

The results are the following:

Directory permissions = 755

File permissions = 644

Why Doesn't Umask 0 or other modes with execute result in an executable file permission?

Let's go back to the answer above and now explain how umask is calculated and files and directories.

umask is about restricting permissions, in essence this means there are maximum permissions you can subtract from (not add to).   What umask is doing is subtracting the values from the maximum possible permissions (more on that below).

umask like normal permissions still uses octal values:

0=read, write, execute
1=read, write
2=read, execute
3=read
4=write, execute
5=write
6=execute
7=no permissions

How do we calculate umask values?

The values are calculated different for files vs directories.

Directories: Maximum possible permissions are 777 (read, write, execute)

Files: Maximum possible permissions are 666 (read, write)

*Note execute is NOT possible to set during file creation.

How We Calculate umask

Let's take our default of 022.

Directories: ( 777 - 022 ) = 755

Files: (777 - 022) = 644 (we always drop any 1's/execute bits because files cannot have execute permissions upon creation due to POSIX restrictions).

More calculations (033):

Directories: (777-033) = 744

Files: (777-033) = 644 (oops remember to drop the 1 from the 7)

(026)

Directories: (777-026) = 751

Files: (777-026) = 640

Basically all we do is take the last 3 numbers and subtract them from the maximum possible permissions (aside from files where we drop a 1 for execute since it is not possible ).

 Useful Quiz Here: http://www.webune.com/forums/umask-calculator.html

What about the leading 0 (something that I don't like to talk about and recommend almost never be used)

It can have a maximum value of 7 like the rest of umask.

SETUID=4 (allows the file to be executed as the owner even when another user or group accesses it)

SETGID=2 (allows the file to be executed as the group even when another user or group accesses it)

uid or gid being set represents itself as a small "s" and if you see it with a capital "S" it means it takes no effect (this means the user or group does not have execute permissions).

Sticky Bit=1  (makes it so only the owner can delete or move it).

sticky bit is represented by a small "t" if it takes effect where other has execute permissions (otherwise it takes no effect and will show as a capital "T").

 


Tags:

linux, umask, user, directory, creation, permissions, calculate, defaultsthe, defaults, restrictive, creating, scripts, default, settings, unix, evohostingtor, umasktest, mkdir, umaskdir, umaskfile, ls, alh, drwxr, xr, oct, drwxrwxrwt, rw, doesn, modes, execute, executable, calculated, directories, restricting, essence, maximum, subtract, subtracting, octal, vs,

Latest Articles

  • Unable to mount location Failed to retrieve share list from server: Connection timed out - Samba/Linux Filesharing Not working Ubuntu Mint Linux Solution
  • How To Resize, Reduce a Video to a Specific Size and Quality Ubuntu Linux using ffmpeg
  • vi how to delete all lines in the file
  • Linux Mint / Ubuntu 20 Intel I219 NIC disconnects
  • Linux can't boot/grub boot loader screen with no options solution
  • EFI PXE grub2 Howto guide for Linux EFI PXE Booting on Debian, Mint, Ubuntu, RHEL
  • Aruba/HP/Dell IAP Wireless Controller Common Default Passwords
  • Debian, Mint Ubuntu how to remove package and associated config files
  • Linux Grub not booting the intended kernel solution in Debian, Mint, Ubuntu how to specify which kernel to boot by default
  • QEMU KVM Keyboard Problems Not Working Right Repeating Characters, Ctrl+C Copy and Paste not working right when using PS2 mouse in guests Solution
  • Linux how to compile binary with static sharedobjects embedded instead of dynamic to use on multi-distributions and avoid glibc compatiblity issues
  • /bin/sh: msgfmt: not found error solution on Linux Compilation Ubuntu Debian Mint Centos
  • Mikrotik RouterOS CHR/ISO Basic and Quick Setup Howto Guide
  • qemu 4 compilation options
  • CentOS 7 8 PXEBoot Netinstall Not Working Solution "Pane is dead "new value non-exisetnt xfs filesystem is not valid as a default fs type"
  • CentOS 6 EOL yum repo won't work Error: Cannot find a valid baseurl for repo: base Solution
  • CentOS 7 8 How To Disable SELinux
  • Wordpress How To Add Featured Image To Post in Hueman Theme
  • kdenlive full reset how to erase all config files
  • CentOS 7 8 yum error Trying other mirror. To address this issue please refer to the below wiki article