LinuxCommandLibrary

umask

Set default file permissions

TLDR

Display the current mask in octal notation

$ umask

Display the current mask in symbolic (human-readable) mode

$ umask -S

Change the mask symbolically to allow read permission for all users (the rest of the mask bits are unchanged)
$ umask a+r

Set the mask (using octal) to restrict no permissions for the file's owner, and restrict all permissions for everyone else
$ umask 077

SYNOPSIS

umask [-p] [-S] [mask]

PARAMETERS

-p
    Displays the current umask in a form that can be reused as shell input (in bash, the complete command, e.g., `umask 0022`). This is often used in shell scripts to save and restore the umask.

-S
    Displays the current umask in a symbolic representation (e.g., `u=rwx,g=rx,o=rx`). This format is more human-readable than the octal value, showing which permissions are allowed after the mask is applied.

mask
    An octal value (e.g., `022`, `002`) or a symbolic mode (e.g., `a+r`) used to set the new umask. If this argument is omitted, the command will display the current umask.

DESCRIPTION

The umask (user file-creation mode mask) command is a crucial Linux utility that controls the default permission settings for newly created files and directories. When a new file or directory is created, it is initially given a set of maximum permissions: 666 (rw-rw-rw-) for files and 777 (rwxrwxrwx) for directories. The umask value then acts as a "mask" that removes permissions from these defaults.

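The umask value is an octal number. Each digit represents permissions for the owner, group, and others, respectively. A `0` in a umask digit means no permissions are masked for that category, while a `1` masks execute, `2` masks write, and `4` masks read; a digit can be the sum of these values to mask several permissions at once. For example, if the umask is `022`, write permission is removed for the group and others. Thus, a new file would be created with `666 - 022 = 644` (rw-r--r--) and a new directory with `777 - 022 = 755` (rwxr-xr-x). Strictly, the mask bits are cleared from the requested mode (mode AND NOT umask) rather than subtracted; the subtraction shorthand gives the right answer only when every masked bit is set in the default, so a umask of `033` yields `644` for files, not `633`.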

umask is typically set at login time, often through shell initialization files like .bashrc or .profile, ensuring that all subsequent file creations by that user adhere to a defined security policy. It's important to understand that umask removes permissions; it cannot add them. Setting an appropriate umask is a fundamental security practice to prevent overly permissive defaults.

CAVEATS

umask subtracts permissions. It cannot be used to grant permissions that are not present in the default 666 (for files) or 777 (for directories). For example, a umask of `000` results in `666` for files and `777` for directories, which are the maximum defaults.

The umask is a per-process setting. When set in a shell, it affects all child processes started from that shell. It is not a global system setting unless configured system-wide (e.g., via /etc/profile or /etc/login.defs).

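Applications can programmatically override the umask for specific file creations, for example by changing the mask themselves or by setting the mode explicitly with chmod after creation, though this is less common for general-purpose tools. An application can also request fewer permissions than the 666 or 777 default when it creates a file, in which case the umask only removes bits from that smaller set.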
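
The mask arithmetic from DESCRIPTION and the per-process behaviour noted above can be checked with the script below. It is an added example, not part of the original page; the function names predicted_mode and observed_modes are hypothetical, and it assumes GNU coreutils stat(1) and mktemp(1).

```shell
#!/bin/sh
# Added example: predict the mode a umask produces, then verify it on disk.
# Function names are hypothetical; assumes GNU stat(1) and mktemp(1).

# predicted_mode MASK BASE -> BASE with the MASK bits cleared, in octal.
# This is BASE & ~MASK, not BASE - MASK.
predicted_mode() {
    printf '%03o\n' "$(( 0$2 & ~0$1 & 0777 ))"
}

# observed_modes MASK -> "FILE_MODE DIR_MODE" as really created under MASK.
# The body is a subshell, so the caller's umask is left untouched.
# MASK must leave the owner bits alone (first digit 0) so cleanup can succeed.
observed_modes() (
    umask "$1" || exit 1
    tmp=$(mktemp -d) || exit 1
    : > "$tmp/f"        # shell redirection requests mode 666
    mkdir "$tmp/d"      # mkdir requests mode 777
    out="$(stat -c %a "$tmp/f") $(stat -c %a "$tmp/d")"
    rm -rf "$tmp"
    echo "$out"
)

# Compare prediction and observation for the masks discussed on this page,
# plus 033, where subtraction (666 - 033 = 633) would give the wrong answer.
for m in 022 002 027 077 033; do
    printf 'umask %s  predicted: %s %s  observed: %s\n' "$m" \
        "$(predicted_mode "$m" 666)" "$(predicted_mode "$m" 777)" \
        "$(observed_modes "$m")"
done
```

On a filesystem without default ACLs or setgid parent directories, the predicted and observed columns match for every mask.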

OCTAL VS. SYMBOLIC UMASK

When viewing the umask, the octal output (e.g., `0022`) is the most common. The leading zero is often omitted (e.g., `022`). The -S option provides a symbolic representation (e.g., `u=rwx,g=rx,o=rx`), which explicitly shows which permissions are allowed for the user, group, and others after the mask has been applied to the default `rwx` for directories. For example, a umask of `022` would display as `u=rwx,g=rx,o=rx` with `umask -S` because `022` masks out write for group and others from the `rwx` base.

DEFAULT UMASK VALUES

Common default umask values include `022` (common for regular users), `002` (common for systems where users belong to a primary group that includes other users), and `027` (more restrictive, often for servers or shared environments, masking write for group and all for others). The system-wide default is often configured in files like /etc/profile, /etc/bashrc, or /etc/login.defs.

HISTORY

The concept of a process-specific file mode creation mask has been a fundamental part of Unix-like operating systems since their early development. The umask command itself emerged as a standard way for users to query and set this mask from the command line, often as a shell builtin. Its design reflects the Unix philosophy of providing granular control over file system permissions, ensuring that default security postures can be maintained efficiently at a user or session level. Its consistent behavior across various Unix and Linux distributions highlights its stable and critical role in system administration and user environments.

SEE ALSO

chmod(1), chown(1), stat(1), ls(1)
