Security

What is Umask and How to Use It

What is Umask and how to use it.

Introduction

When creating a new file or directory, Linux applies the default set of permissions. The umask command lets you change these default permissions.

In this tutorial, you will learn what umask is, how it works, and how to use it to set up file and directory permissions for individual users or groups.

What is Umask and how to use it.What is Umask and how to use it.

Prerequisites

  • Linux-based system (e.g., Ubuntu, CentOS, Debian)
  • A user account with sudo privileges
  • Access to the command terminal

Umask Overview

The term umask refers to two things:

1. The Linux umask command. umask (user file-creation mode) is a Linux command that lets you set up default permissions for newly created files and folders.

2. A user-defined permissions ‘mask’. A user can choose how to restrict  permissions by using a permissions mask. A permission mask interacts with the default system permissions and changes them. The umask command is used to apply this mask.

How Does Umask Work?

The umask command works by affecting the default Linux file and folder permissions.

There are three categories of permissions for every file and folder in Linux:

  • User: Defines permissions for each individual user. By default, the user who creates a file or folder is set as the owner.
  • Group: Defines permissions for a group of users that share the same level of access.
  • Other: Defines permissions for anyone not included in the two previous categories.

Use the following command to review permissions for the home folder:

ls -l
Checking default permissions in LinuxChecking default permissions in Linux

Each line of the output starts with a 10-character string detailing permissions. Breaking down the highlighted entry, this string consists of the following elements:

  • d: Indicates the file type (directory).
  • rwx: Indicates user permissions (read, write, and execute).
  • r-x: Indicates group permissions (read and execute).
  • r-x: Indicates other permissions (read and execute).

The umask Command Syntax

Using the umask command without additional command options returns the current mask as the output:

Checking the current permission mask using the umask commandChecking the current permission mask using the umask command

The umask command uses the following syntax:

umask [-p] [-S] [mask]

Where:

  • [mask]: The new permissions mask you are applying. By default, the mask is presented as a numeric (octal) value.
  • [-S]: Displays the current mask as a symbolic value.
  • [-p]: Displays the current mask along with the umask command, allowing it to be copied and pasted as a future input.
umask command syntax example with syntax explained umask command syntax example with syntax explained

Symbolic and Numeric umask Values

As we mentioned in the example above, umask can be displayed as a numeric (octal) or symbolic value.

A mask can have the following numeric, and the corresponding symbolic, values:

0 --- No permission
1 --x Execute
2 -w- Write
3 -wx Write and execute
4 r-- Read
5 r-x Read and execute
6 rw- Read and write
7 rwx Read, write, and execute

How to Calculate Umask Values

Linux uses the following default mask and permission values:

  • The system default permission values are 777 (rwxrwxrwx) for folders and 666 (rw-rw-rw-) for files.
  • The default mask for a non-root user is 002, changing the folder permissions to 775 (rwxrwxr-x), and file permissions to 664 (rw-rw-r--).
  • The default mask for a root user us 022, changing the folder permissions to 755 (rwxr-xr-x), and file permissions to 644 (rw-r--r--).

This shows us that the final permission value is the result of subtracting the umask value form the default permission value (777 or 666).

For example, if you want to change the folder permission value from 777 (read, write, and execute for all) to 444 (read for all), you need to apply a umask value of 333, since:

777 - 444 = 333

How to Set and Update the Default Umask Value

Use the following syntax to apply a new umask value:

umask [mask]

Where:

  • [mask]: The mask you want to apply, as either a symbolic or numeric value.

Setting Up a Symbolic Umask Value

Set a new umask value by using symbolic values with the following syntax:

umask u=#,g=#,o=#

Where:

  • u: Indicates user permissions.
  • g: Indicates group permissions.
  • o: Indicates other permissions.
  • #: The symbolic permission value you want to apply, as detailed in the table above.

Note: Never use space after comas when setting up a symbolic mask value.


There are also other operators you can use:

  • =: Creates specified file permissions and prohibits unspecified permissions.
  • +: Creates specified permissions, but does not change unspecified permissions.
  • -:Prohibits specified permissions, but does not change unspecified permissions.

Setting Up a Numeric Umask Value

Once you calculate the required umask numeric value, set it up by using:

umask [mask]

Where:

  • [mask]: The numeric value of the mask you want to apply.

Difference Between umask and chmod

The chmod command in Linux works in a similar way to the umask command. It too is used to define permissions for files and folders.

The difference between umask and chmod is that umask changes the default permissions and thus the permissions for all newly created files and folders, while chmod sets permissions for files and folders that already exist.

Conclusion

After following this tutorial, you should be able to review and change umask using symbolic or numeric values.

Make sure you also take a look at our Linux command cheat sheet for more commonly used Linux commands.

Đăng ký liền tay Nhận Ngay Bài Mới

Subscribe ngay

Cám ơn bạn đã đăng ký !

Lỗi đăng ký !

Add Comment

Click here to post a comment

Đăng ký liền tay
Nhận Ngay Bài Mới

Subscribe ngay

Cám ơn bạn đã đăng ký !

Lỗi đăng ký !