LinuxCommandLibrary

umask

Set default file permissions

TLDR

Display the current mask in octal notation

$ umask
copy

Display the current mask in symbolic (human-readable) mode
$ umask -S
copy

Change the mask symbolically to allow read permission for all users (the rest of the mask bits are unchanged)
$ umask [a+r]
copy

Set the mask (using octal) to restrict no permissions for the file's owner, and restrict all permissions for everyone else
$ umask [077]
copy

SYNOPSIS

umask [options] [mode]

PARAMETERS

-S
    Produce symbolic output (e.g., 'u=rwx,g=rx,o=rx').

-p
    Output in a format that can be reused as input.

[mode]
    An octal number or symbolic expression representing the new umask.

DESCRIPTION

The umask command sets or displays the file mode creation mask. This mask determines which permissions will be removed from newly created files and directories. The mask is represented in octal notation. When creating a file, the system takes the requested permissions (typically 666 for files and 777 for directories) and then removes the permissions specified by the umask. For example, a umask of 022 means that write permission for group and others will be removed. The command allows users to control default permissions for their files, enhancing security. Without arguments, umask displays the current mask. With an octal number, it sets the mask. Using symbolic notation it can also set the mask based on existing permissions. The command is essential for managing file access control and maintaining a secure system.

CAVEATS

The umask only affects permissions at the time of file creation. Changing the umask after a file is created will
not alter the file's existing permissions. The umask is process-specific, meaning changes affect only the current shell and its children.

SYMBOLIC MODES

The umask can also accept symbolic modes similar to chmod. These include specifying user (u), group (g), others (o), and all (a) combined with operators like '+', '-', and '=' to add, remove, or set permissions. For example, 'u=rwx,g=rx,o=' removes all permissions for others.

STARTUP FILES

The umask command is often placed in shell startup files like .bashrc or .profile to set a user's default file creation mask across all sessions.

HISTORY

The umask command has been a standard part of Unix-like operating systems since early versions, providing a way to control file permissions at creation time. It's designed to ensure that files are created with reasonable default security settings, reducing the risk of unintentionally granting overly permissive access to sensitive data. Its importance has persisted due to the fundamental role it plays in managing file access control.

SEE ALSO

chmod(1), chown(1), setfacl(1)

Copied to clipboard