Manage File Permissions with Umask On Linux

Umask On Linux:

Umask stands for User mask or User creation mask. When you create any new file or directory on linux system. These files get default permissions from system. This permission is provided or given by Umask configuration on linux. In simple words, it is a system default permissions for new files or directories.

Default Umask Value :

By default umask values define under the "/etc/profile" or "~/.bashrc" file. On most of the linux distros default value set to files "022".

For directory, default minimum and maximum value is "000" & "777"
For files, default minimum and maximum value is "000" & "666"

So, with a umask of 022, the default permissions for a file will become 644 (rw-r--r--, 666-022) and the default permissions for a directory will become 755 (rwx-r-xr-x, 777-022).

Below are the common umask values:

$ 000 : Full Access to Everyone or 666
$ 006 : No Access to Other or 660
$ 022 : Full Access to Owner and Read to Group & Other or 644
$ 066 : Full Access to Owner and No access to group & others or 600

Normally, you can subtract from 666 but be very careful as it may be 777. Before changing or working on umask make sure what umask value is set on your linux distro.

Use below command to view default umask value:

$ umask
0022

You can also view umask in symbolick form using,

$ umask -S
u=rwx,g=rx,o=rx


You can calculate the umask values by subtracting value with 666 or 777.

Change default value for New users:

For changing default permissions for files and directories for new user. You need to do changes in "/etc/profile" file.

Let's assumed you want to give new user '655' permission for files and '426' for directories. So you need to substract 011 from 666 and 011 from 777 to get the permissions for files and directories as per the umask value.

for eg:

666-011 = 655 [Symbolic form : rw-r-xr-x]
777-011 = 766 [symbolic form : rwxrw-rw-]

Copy these umask values and open the file "/etc/profile" or "~/.bashrc" file then append/modify with default Umask values.

vim /etc/profile

umask 011

Or

vim ~/.bashrc

umask 011

Save and close the file. Logout the user then login again the new Umask permissions will effective for user.

Use some preferred umask values for level of security:

Umask valueSecurity levelEffective permission (directory)
22Permissive755
26Moderate751
27Moderate750
77Severe700

Learn more about the Umask with help of "Umask man" Page.

I hope you like the article if you find any difficulties then please do comment your queries or problem via the comment section, till then stay tuned to techthings.org for more such valuable articles. 

Share if you have more information about the Umask on Linux.

Leave a Reply

Your email address will not be published. Required fields are marked *