umask
Set default file permissions
TLDR
Display the current mask in octal notation
Display the current mask in symbolic (human-readable) mode
Change the mask symbolically to allow read permission for all users (the rest of the mask bits are unchanged)
Set the mask (using octal) to restrict no permissions for the file's owner, and restrict all permissions for everyone else
SYNOPSIS
umask [options] [mode]
PARAMETERS
-S
Produce symbolic output (e.g., 'u=rwx,g=rx,o=rx').
-p
Output in a format that can be reused as input.
[mode]
An octal number or symbolic expression representing the new umask.
DESCRIPTION
The umask
command sets or displays the file mode creation mask. This mask determines which permissions will be removed from newly created files and directories. The mask is represented in octal notation. When creating a file, the system takes the requested permissions (typically 666 for files and 777 for directories) and then removes the permissions specified by the umask. For example, a umask of 022 means that write permission for group and others will be removed. The command allows users to control default permissions for their files, enhancing security. Without arguments, umask
displays the current mask. With an octal number, it sets the mask. Using symbolic notation it can also set the mask based on existing permissions. The command is essential for managing file access control and maintaining a secure system.
CAVEATS
The umask only affects permissions at the time of file creation. Changing the umask after a file is created will
not alter the file's existing permissions. The umask is process-specific, meaning changes affect only the current shell and its children.
SYMBOLIC MODES
The umask can also accept symbolic modes similar to chmod
. These include specifying user (u), group (g), others (o), and all (a) combined with operators like '+', '-', and '=' to add, remove, or set permissions. For example, 'u=rwx,g=rx,o=' removes all permissions for others.
STARTUP FILES
The umask
command is often placed in shell startup files like .bashrc
or .profile
to set a user's default file creation mask across all sessions.
HISTORY
The umask
command has been a standard part of Unix-like operating systems since early versions, providing a way to control file permissions at creation time. It's designed to ensure that files are created with reasonable default security settings, reducing the risk of unintentionally granting overly permissive access to sensitive data. Its importance has persisted due to the fundamental role it plays in managing file access control.