The User’s Mask
Linux, like its UNIX cousin, utilizes a single variable to establish permissions
on any file created. It’s called umask, and acronym for “user mask” or
“user file creation mask.” The umask variable assigns the default permissions to
be used, on a user by user basis, when a file is created.
On the surface, the umask system looks a bit complex. By typing umask into a
console windows, you’ll see how umask is currently set for your user. Most
likely, it’s set at 022, allowing the owner read, write and execute access, the
group and all others read and execute permissions.
If you read that last paragraph closely, you’re already starting to catch on to
the seemingly tricky umask convention. It takes into account the same set of
possible users as the normal permissions structure: owner, group and world. The
difference is in how the settings are numerically represented.
umask uses the following numbers for permissions:
0 – read, write and execute
1 – read and write
2 – read and execute
3 – read only
4 – write and execute
5 – write only
6 – execute only
7 – no permissions
Now, let’s apply this to the default we noted above: 022. The first bit is the
owner bit. Set to 0, the owner will, by default, have read, write and execute
permissions on any file created with the 022 umask variable. The second bit is
the group bit. With the umask set to 2 for the group bit, anyone in the group
will be able to read and execute the file, but not write to it. In this case,
the other (or world) bit is also set to 2, granting the same permissions as the
So how do you tweak your umask settings? Simple. Enter the command umask
followed by the new default permissions:
tony@valhalla ~ $ umask 027
This value would set the following permissions on all files I create going
owner – read, write and execute
group – read and execute
world – no permissions; cannot read, write or execute
Remember, if you chosse to tweak this setting, it will affect the permissions on
all the files you create going forward. Don’t forget that you’re setting the
default permissions when setting umask.
It’s another fine example of the complete configurability of Linux. You didn’t
know penguins were so flexible, did you?