IntroductionWhen creating a new file or directory, Linux applies the default set of permissions. The
umaskcommand lets you change these default permissions.In this tutorial, you will learn what umask is, how it works, and how to use it to set up file and directory permissions for individual users or groups.
- Linux-based system (e.g., Ubuntu, CentOS, Debian)
- A user account with sudo privileges
- Access to the command terminal
Umask OverviewThe term umask refers to two things:1. The Linux
umask(user file-creation mode) is a Linux command that lets you set up default permissions for newly created files and folders.2. A user-defined permissions ‘mask’. A user can choose how to restrict permissions by using a permissions mask. A permission mask interacts with the default system permissions and changes them. The
umaskcommand is used to apply this mask.
How Does Umask Work?The
umaskcommand works by affecting the default Linux file and folder permissions.There are three categories of permissions for every file and folder in Linux:
- User: Defines permissions for each individual user. By default, the user who creates a file or folder is set as the owner.
- Group: Defines permissions for a group of users that share the same level of access.
- Other: Defines permissions for anyone not included in the two previous categories.
Each line of the output starts with a 10-character string detailing permissions. Breaking down the highlighted entry, this string consists of the following elements:
d: Indicates the file type (directory).
rwx: Indicates user permissions (read, write, and execute).
r-x: Indicates group permissions (read and execute).
r-x: Indicates other permissions (read and execute).
The umask Command SyntaxUsing the
umaskcommand without additional command options returns the current mask as the output: The
umaskcommand uses the following syntax:
umask [-p] [-S] [mask]
[mask]: The new permissions mask you are applying. By default, the mask is presented as a numeric (octal) value.
[-S]: Displays the current mask as a symbolic value.
[-p]: Displays the current mask along with the
umaskcommand, allowing it to be copied and pasted as a future input.
Symbolic and Numeric umask ValuesAs we mentioned in the example above, umask can be displayed as a numeric (octal) or symbolic value.A mask can have the following numeric, and the corresponding symbolic, values:
|3||Write and execute|
|5||Read and execute|
|6||Read and write|
|7||Read, write, and execute|
How to Calculate Umask ValuesLinux uses the following default mask and permission values:
- The system default permission values are 777 (
rwxrwxrwx) for folders and 666 (
rw-rw-rw-) for files.
- The default mask for a non-root user is 002, changing the folder permissions to 775 (
rwxrwxr-x), and file permissions to 664 (
- The default mask for a root user us 022, changing the folder permissions to 755 (
rwxr-xr-x), and file permissions to 644 (
777 - 444 = 333
How to Set and Update the Default Umask ValueUse the following syntax to apply a new
[mask]: The mask you want to apply, as either a symbolic or numeric value.
Setting Up a Symbolic Umask ValueSet a new umask value by using symbolic values with the following syntax:
u: Indicates user permissions.
g: Indicates group permissions.
o: Indicates other permissions.
#: The symbolic permission value you want to apply, as detailed in the table above.
Note: Never use space after comas when setting up a symbolic mask value.
There are also other operators you can use:
=: Creates specified file permissions and prohibits unspecified permissions.
+: Creates specified permissions, but does not change unspecified permissions.
-:Prohibits specified permissions, but does not change unspecified permissions.
Setting Up a Numeric Umask ValueOnce you calculate the required umask numeric value, set it up by using:
[mask]: The numeric value of the mask you want to apply.
Difference Between umask and chmodThe chmod command in Linux works in a similar way to the
umaskcommand. It too is used to define permissions for files and folders.The difference between
umaskchanges the default permissions and thus the permissions for all newly created files and folders, while
chmodsets permissions for files and folders that already exist.