Jump to navigation Jump to search

umask is the way the UNIX operating system determines what default permissions that files and directories are created with.

With no umask files are created with permissions 666 or 110110110 in binary, and directories are created with permissions 777 or 111111111 in binary. The umask is represented similarly as three digits, each representing a 3 bits. For each bit that is set to 1 in the umask the corresponding bit of any files or directories that are created is set to 0. In binary operations it is equivelent to bitwise negating the umask and then doing a bitwise and on that negation and the default for the object being created.

The three popular umasks are 022, 002 and 007.

umask 022

This as the example shows above that you will get full rwx for the user, r-x for the group and r-x for other. This is the default in almost all of our operating systems.

        777  111 111 111
  umask 022  000 010 010   
      = 755  111 101 101

umask 002

This would give full rwx for the user, full rwx for the group and give only r-x for other. This is helpful when you want your default group (or a SetGID directory) to have full control over the files and directories you create while allowing everyone else read and execute permissions.

        777  111 111 111
  umask 002  000 000 010   
      = 775  111 111 101

umask 007

This will give the user and group full rwx permissions and give other no permissions.

        777  111 111 111
  umask 007  000 000 111   
      = 770  111 111 000

umask 000

Please never use this umask as it will give full control to user, group and other. In other words it makes the directory or file world read, write and executable and can be a large security risk to you and your colleagues.

Setting umask

Your umask is tied to your current shell and can be set with the shell builtin command umask. If issued without an argument the umask will return the current umask, occasionally omitting any leading zeros. To set a umask issue the umask command with umask you want to use.

[gnorts:~] ridge% umask 
[gnorts:~] ridge% umask 002
[gnorts:~] ridge% umask

However most of the time, you find yourself in a work environment where the same umask is what you want to use all the time, and you don't want to have to think about it. In that you case you want to set your umask in your shell initialization file. For bash the initialization file is .profile or .bash_profile and for tcsh the initialization files is .cshrc or .tcshrc. These files behave mostly like scripts and the umask command can be entered without any additional syntax as seen in the example bellow:

 [derek@novelty ~]$ cat .cshrc 
 setenv EDITOR vim
 umask 002

Or for example if you use Bash you can run this command.

 echo 'umask 002' >> ~/.bash_profile