umask are the default permissions that are applied when a file or directory are created.  To see this in action simply just "touch filename" or "mkdir somedir" and you'll see what default permissions are applied.

The first thing I always tell people you should know is to NEVER change the defaults unless you are making them more restrictive.  But they work well and if you change the defaults you could end up creating a file without permission to read or write it which could break some scripts.  If you made things less restrictive it is a security issue in my opinion.

It is said umask is the reverse or opposite of standard permissions but before we explain how to calculate them let's see what happens with the default umask settings.

As we can see the defaults as with most Unix systems are 022:

[root@evohostingtor2017 umasktest]# umask
0022

Knowing this let's check the default creation permissions of a file and directory below:

[root@evohostingtor2017 umasktest]# mkdir umaskdir
[root@evohostingtor2017 umasktest]# touch umaskfile
 

[root@evohostingtor2017 umasktest]# ls -alh
 

drwxr-xr-x 3 root root 4.0K Oct 31 18:55 .
drwxrwxrwt 5 root root 4.0K Oct 31 18:55 ..
drwxr-xr-x 2 root root 4.0K Oct 31 18:54 umaskdir
-rw-r--r-- 1 root root    0 Oct 31 18:55 umaskfile


The results are the following:

Directory permissions = 755

File permissions = 644

Why Doesn't Umask 0 or other modes with execute result in an executable file permission?

Let's go back to the answer above and now explain how umask is calculated and files and directories.

umask is about restricting permissions, in essence this means there are maximum permissions you can subtract from (not add to).   What umask is doing is subtracting the values from the maximum possible permissions (more on that below).

umask like normal permissions still uses octal values:

0=read, write, execute
1=read, write
2=read, execute
3=read
4=write, execute
5=write
6=execute
7=no permissions

How do we calculate umask values?

The values are calculated different for files vs directories.

Directories: Maximum possible permissions are 777 (read, write, execute)

Files: Maximum possible permissions are 666 (read, write)

*Note execute is NOT possible to set during file creation.

How We Calculate umask

Let's take our default of 022.

Directories: ( 777 - 022 ) = 755

Files: (777 - 022) = 644 (we always drop any 1's/execute bits because files cannot have execute permissions upon creation due to POSIX restrictions).

More calculations (033):

Directories: (777-033) = 744

Files: (777-033) = 644 (oops remember to drop the 1 from the 7)

(026)

Directories: (777-026) = 751

Files: (777-026) = 640

Basically all we do is take the last 3 numbers and subtract them from the maximum possible permissions (aside from files where we drop a 1 for execute since it is not possible ).

 Useful Quiz Here: http://www.webune.com/forums/umask-calculator.html

What about the leading 0 (something that I don't like to talk about and recommend almost never be used)

It can have a maximum value of 7 like the rest of umask.

SETUID=4 (allows the file to be executed as the owner even when another user or group accesses it)

SETGID=2 (allows the file to be executed as the group even when another user or group accesses it)

uid or gid being set represents itself as a small "s" and if you see it with a capital "S" it means it takes no effect (this means the user or group does not have execute permissions).

Sticky Bit=1  (makes it so only the owner can delete or move it).

sticky bit is represented by a small "t" if it takes effect where other has execute permissions (otherwise it takes no effect and will show as a capital "T").

linux, umask, user, directory, creation, permissions, calculate, defaultsthe, defaults, restrictive, creating, scripts, default, settings, unix, evohostingtor, umasktest, mkdir, umaskdir, umaskfile, ls, alh, drwxr, xr, oct, drwxrwxrwt, rw, doesn, modes, execute, executable, calculated, directories, restricting, essence, maximum, subtract, subtracting, octal, vs,

Latest Articles