Linux umask Command

Learn Linux umask Command with examples


In Linux, we can use the “umask” command to return or set the value of the system’s file mode creation mask.

In Linux, new files are created with a default set of permissions. Specifically, a new file’s permissions may be restricted in a specific way by applying a permissions “mask” called the umask.

umask Command Syntax

The umask command is used to set the permissions mask, or to show its current value.

>> umask [-S] [mask] 
Option  Description
-S      Accept a symbolic representation of a mask, or return one.
mask    If a valid mask is specified, the umask is set to this value. If no mask is specified, the current umask value is returned.

We can use the -l (long format) option to have ls list the file permissions for files and directories.

>> ls -l

total 23
-rw-r--r-- 1 tariq tariq   42 May 10 11:11 cities1.txt
-rw-r--r-- 1 tariq tariq   41 May 10 11:12 cities2.txt
-rw-r--r-- 1 tariq tariq    0 May 10 17:25 echo
-rw-r--r-- 1 tariq tariq   11 Apr 25 02:47 email_list_1
lrwxrwxrwx 1 tariq tariq   10 Apr 25 02:47 email_list_soft_link -> email_list
-rw-r--r-- 1 tariq tariq   13 Apr 27 01:02 file_.txt
drwxr-xr-x 2 tariq tariq 4096 Apr 21 10:44 fruits
-rw-r--r-- 1 tariq tariq   53 May 10 12:28 fruits.txt
-rw-r--r-- 1 tariq tariq   51 May 10 12:27 fruits2.txt
-rw-r--r-- 1 tariq tariq 1080 May  9 15:11 list1.txt
-rw-r--r-- 1 tariq tariq 1702 May  9 16:36 list2.txt

On each line, the first character identifies the type of entry that is being listed. If it is a dash (-) it is a file. If it is the letter d it is a directory.

The next nine characters represent the settings for the three sets of permissions.

  • The first three characters show the permissions for the user who owns the file (user permissions).
  • The middle three characters show the permissions for members of the file’s group (group permissions).
  • The last three characters show the permissions for anyone not in the first two categories (other permissions).

There are three characters in each set of permissions. The characters are indicators for the presence or absence of one of the permissions. They are either a dash (-) or a letter. If the character is a dash, it means that permission is not granted. If the character is an r, w, or an x, that permission has been granted.

rwx represent:

Symbol  Permission           Description
r       Read permissions     The file can be opened, and its content viewed.
w       Write permissions    The file can be edited, modified, and deleted.
x       Execute permissions  If the file is a script or a program, it can be run (executed).

Examples:

  • --- means no permissions have been granted at all.
  • rwx means full permissions have been granted. The read, write, and execute indicators are all present.

Setting the umask value

We can use the umask command to set the default permissions with which the files/directories will be created.

>> umask 543

Here, when we execute the command, the values are not directly allocated as 5 for the owner, 4 for the group members and 3 for the others, but the value we pass as an argument is subtracted from the max/full permission set. There are two full permission sets:

Type       Full permission set
File       The full permission set for a file is 666 (read/write permission for all)
Directory  The full permission set for a directory is 777 (read/write/execute)

Note: Files cannot be given execute permission by default, as that would be a security concern, and Linux systems are known for their security.

So, once we have set the umask value to 543, let’s see what happens when we make a directory (7-7-7) and a file (6-6-6).
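What umask 543 produces, as an added example that is not from the original page: the mask clears bits from the full permission set (mode = full & ~mask), which equals digit-by-digit subtraction only when every bit in the mask is also set in the full set. The function names effective_mode and observed_modes are chosen for this example, and stat -c assumes GNU coreutils.

```sh
#!/bin/sh
# Added example: predicted vs. actually observed modes for a given umask.
# Function names are hypothetical; "stat -c %a" assumes GNU coreutils.

# effective_mode MASK FULL -> FULL with every bit set in MASK cleared (octal).
effective_mode() {
    printf '%03o\n' $(( 0$2 & ~0$1 & 0777 ))
}

# observed_modes MASK -> "<dir mode> <file mode>" as really created under MASK.
# Works in a private temp directory and removes it afterwards.
observed_modes() {
    tmp=$(mktemp -d) || return 1
    # Subshell: the caller's own umask is left untouched.
    ( umask "$1" && mkdir "$tmp/newdir" && touch "$tmp/newfile" ) || return 1
    d=$(stat -c %a "$tmp/newdir")
    f=$(stat -c %a "$tmp/newfile")
    # rmdir/rm -f work even when the new entries are unreadable to the owner.
    rmdir "$tmp/newdir"; rm -f "$tmp/newfile"; rmdir "$tmp"
    echo "$d $f"
}

for mask in 543 027 022; do
    echo "umask $mask: predicted dir=$(effective_mode "$mask" 777)" \
         "file=$(effective_mode "$mask" 666) observed=$(observed_modes "$mask")"
done
```

With umask 543 the file comes out as 224 (write-only for owner and group, read-only for others), which is why a mask should be chosen from the permissions you want rather than picked arbitrarily.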

Setting the Mask Value

The file creation mask can be set using octal or symbolic notation.

To make the changes permanent, set the new umask value in a global configuration file such as /etc/profile, which will affect all users, or in a user’s shell configuration files such as ~/.profile, ~/.bashrc or ~/.zshrc, which will affect only that user.

Note: The user files have precedence over the global files.

Before making changes to the umask value, make sure the new value doesn’t pose a potential security risk. Values less restrictive than 022 should be used with great caution.

For example, umask 000 means anyone has read, write, and execute permissions on all newly created files.
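One way to check shell configuration files for such values, as an added example that is not from the original page. It treats "less restrictive than 022" as "leaves the group or other write bit enabled" (an assumption of this example); the function names and the sample profile text are constructed for illustration.

```sh
#!/bin/sh
# Added example: flag octal umask lines that leave group/other write enabled.
# Function names and the sample input are hypothetical.

# is_permissive MASK -> exit 0 when MASK does not clear both the group and
# the other write bit (i.e. it is missing part of 022).
is_permissive() {
    [ $(( 0$1 & 0022 )) -ne $(( 0022 )) ]
}

# audit_umask_lines: read shell config text on stdin and print
# "<line number>:<mask>" for every permissive "umask NNN" line.
# Commented-out lines and symbolic masks are skipped.
audit_umask_lines() {
    lineno=0
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        mask=$(printf '%s\n' "$line" | sed -n \
            's/^[[:space:]]*umask[[:space:]]\{1,\}\([0-7]\{1,4\}\)[[:space:]]*$/\1/p')
        [ -n "$mask" ] || continue
        if is_permissive "$mask"; then
            echo "$lineno:$mask"
        fi
    done
}

# Constructed sample input, not a real /etc/profile.
sample_profile() {
cat <<'EOF'
# constructed sample
export PATH=/usr/local/bin:$PATH
umask 002
# umask 000
  umask 027
umask 000
EOF
}

sample_profile | audit_umask_lines
```

On a real system the same function can be fed a file directly, for example audit_umask_lines < /etc/profile.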

Let’s say we want to set more restrictive permissions for the newly created files and directories so others will not be able to cd to the directories and read files. The permissions we want are 750 for directories and 640 for files.

To calculate the umask value, simply subtract the desired permissions from the default one:

Umask value: 777-750 = 027

The desired umask value represented in numeric notation is 027.

To permanently set the new value system-wide, open the /etc/profile file with your text editor:

>> sudo nano /etc/profile

Then add or change the umask line in that file:

umask 027

For changes to take effect, run the following source command or log out and log in:

>> source /etc/profile

To verify the new settings, we will create one new file and directory using mkdir and touch:

>> mkdir newdir
>> touch newfile

If you check the permissions using the ls command, you will notice that the new file has 640 and the new directory 750 permissions, as we wanted:

>> ls -l

drwxr-x--- 2 linuxize users 4096 Jul  4 18:14  newdir
-rw-r----- 1 linuxize users    0 Jul  4 18:14  newfile

Setting the file creation mask using symbolic notation

Another way to set the file creation mask is by using symbolic notation.

For example, umask u=rwx,g=rx,o= is the same as umask 027.

>> umask u=rwx,g=rx,o=