On Linux and Unix, all new files are created with a default set of permissions. The umask utility allows you to view or set the file mode creation mask, which determines the permission bits for newly created files and directories.
It’s used by mkdir, touch, tee and other commands that create new files and directories.
Permissions on Linux
Before we proceed, let’s describe the permission model in Linux.
In Linux, each file is associated with an owner and group and permissions are assigned to three different user classes:
- The owner of the file.
- Members of the group.
- Everyone else.
There are three types of permissions that apply to each category:
- Read permission.
- Write permission.
- Execution permission.
This concept allows you to specify which users are allowed to read the file, write to the file, or execute the file.
To view file permissions, use the ls command:
ls -ld dirname
drwxr-xr-x 12 linuxid users 4.0K Apr 8 20:51 dirname
|[-][-][-]    [------] [---]
| |  |  |        |       |
| |  |  |        |       +-----------> Group
| |  |  |        +-------------------> Owner
| |  |  +----------------------------> Others Permissions
| |  +-------------------------------> Group Permissions
| +----------------------------------> Owner Permissions
+------------------------------------> File Type
The first character shows the file type. It can be a regular file (-), a directory (d), a symbolic link (l), or another special file type.
The next nine characters represent the permissions, in three sets of three characters each. The first set shows the owner's permissions, the second the group's permissions, and the last the permissions of all other users.
The character r, with an octal value of 4, stands for read; w, with an octal value of 2, for write; x, with an octal value of 1, for execute; and (-), with an octal value of 0, for no permission.
There are also three other special file permission types: setgid and the
In the example above (rwxr-xr-x), the owner has read, write and execute permissions (rwx), and the group and others have only read and execute permissions.
Written in numeric notation, the same permissions give one number for each class:
4+2+1 = 7
4+0+1 = 5
4+0+1 = 5
In numeric notation, permissions consist of three or four octal digits (0-7). The first digit represents the special permissions, and if it is omitted, no special permissions are set on the file. In our case, 755 is the same as 0755. The first digit can be any combination of 4 for setuid, 2 for setgid and 1 for
File permissions can be changed with the chmod command, and ownership with the commands
Understanding the Umask command
By default, on Linux systems, the default creation permissions are 666 for files, which gives the user, group, and others read and write permissions, and 777 for directories, which gives the user, group, and others read, write, and execute permissions. Linux does not allow a file to be created with execute permissions.
The default creation permissions can be modified using the umask utility. umask only affects the current shell environment. On most Linux distributions, the default umask value is set system-wide, either through pam_umask.so or in files
If you want to define different values on a per-user basis, edit the user's shell configuration file, such as ~/.zshrc. You can also change the value for the current session by running umask followed by the desired value.
To see the current mask value, type umask without any arguments; the output is the current mask.
The umask contains the permission bits that will not be set on newly created files and directories.
As mentioned, the default creation permissions are 666 for files and 777 for directories. To calculate the permission bits of a new file, subtract the umask value from the default value.
For example, to calculate how umask 022 will affect newly created files and directories, use:
666 - 022 = 644. The owner can read and modify the files. The group and others can only read the files.
777 - 022 = 755. The owner can cd into the directory and read, modify, create or delete files in it. The group and others can cd into the directory and list and read the files.
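The calculation above, as an added example that is not part of the original article: the kernel clears the umask bits from the requested mode (mode AND NOT umask), which matches subtraction for 022 and 027 but not for a mask such as 033. It assumes GNU stat; the function names and the 033 mask are chosen here for illustration.

```shell
#!/bin/sh
# Added example, not from the article. Assumes GNU coreutils (stat -c %a).

# effective_mode REQUESTED MASK: octal mode left after clearing the MASK bits
effective_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# observed_mode KIND MASK: mode of a file or dir actually created under MASK.
# The function body is a subshell, so the caller's umask is left unchanged.
observed_mode() (
    tmp=$(mktemp -d) || exit 1
    umask "$2"
    if [ "$1" = dir ]; then mkdir "$tmp/demo"; else touch "$tmp/demo"; fi
    stat -c %a "$tmp/demo"
    rm -rf "$tmp"
)

# 022 and 027 are the article's masks. 033 is an illustrative mask where
# decimal-style subtraction (666 - 033 = 633) gives the wrong answer.
for mask in 022 027 033; do
    printf 'umask %s  file: created %s, computed %s  dir: created %s, computed %s\n' \
        "$mask" \
        "$(observed_mode file "$mask")" "$(effective_mode 666 "$mask")" \
        "$(observed_mode dir "$mask")"  "$(effective_mode 777 "$mask")"
done
```

With umask 033 a new file ends up with 644, not 633, because a mask bit can only remove a permission that was requested in the first place.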
You can also view mask values in symbolic notation using the options
Unlike numeric notation, the symbolic notation value contains the permission bits that will be set on newly created files and directories.
Set the mask value
The file creation mask can be set using octal or symbolic notation. To make the changes permanent, set the new umask value in a global configuration file such as /etc/profile, which will affect all users, or in a user’s shell configuration file such as ~/.zshrc, which will only affect that user. User files take precedence over the global files.
Before changing the umask value, make sure the new value does not pose a potential security risk. Values less restrictive than 022 should be used with great caution. For example, umask 000 means that anyone will have read, write, and execute permissions on all newly created files.
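One way to check start-up files for the risk described above, as an added example rather than code from the article: it flags octal umask lines that fail to clear the group or others write bit the way 022 does. The function names and the sample file content are constructed for illustration, and symbolic settings are not parsed.

```shell
#!/bin/sh
# Added example, not from the article: find umask lines weaker than 022.

# weaker_than_022 MASK: succeeds when MASK does not clear every bit that 022
# clears, i.e. new files could end up group- or world-writable.
weaker_than_022() {
    [ $(( (0$1 & 022) != 022 )) -eq 1 ]
}

# audit_umask FILE...: print "file:line: ..." for each weak octal umask line.
# Commented-out lines and symbolic values (u=rwx,...) are skipped.
audit_umask() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        awk '$1 == "umask" && $2 ~ /^[0-7]+$/ { print FNR, $2 }' "$f" |
        while read -r lineno mask; do
            if weaker_than_022 "$mask"; then
                echo "$f:$lineno: umask $mask is weaker than 022"
            fi
        done
    done
}

# Constructed sample standing in for /etc/profile or ~/.zshrc.
sample=$(mktemp)
cat > "$sample" <<'EOF'
umask 022
  umask 002
# umask 000
umask 0027
umask 000
EOF
audit_umask "$sample"   # reports lines 2 and 5 only
rm -f "$sample"
```

On a real system the same function can be pointed at the files the article names, for example `audit_umask /etc/profile ~/.zshrc`.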
Let’s say we want to set more restrictive permissions for newly created files and directories, so that others cannot cd into the directories or read the files. The permissions we want are 750 for directories and 640 for files.
To calculate the umask value, just subtract the desired permissions from the default permissions. The result is the umask we want, in numeric notation:
777-750 = 027
To set the value permanently for the whole system, open the /etc/profile file with your text editor:
sudo nano /etc/profile
Change or add the following line at the beginning of the file:
For the changes to take effect, run the source command or log out and log back in:
To verify the new settings, create a new directory and a new file with mkdir and touch:
mkdir newdir
touch newfile
If you check the permissions with the ls command, you will see that the new directory has 750 and the new file 640 permissions, as we wanted:
drwxr-x--- 2 linuxid users 4096 Jul 4 18:14 newdir
-rw-r----- 1 linuxid users    0 Jul 4 18:14 newfile
Another way to set the file creation mask is to use symbolic notation. For example, umask u=rwx,g=rx,o= is the same as
In this guide, we explained Linux permissions and how to use the umask command to set the permissions of newly created files and directories.
For more information, type man umask in your terminal.