The User’s Mask

The User’s Mask

Linux, like its UNIX cousin, utilizes a single variable to establish permissions

on any file created. It’s called umask, and acronym for “user mask” or
“user file creation mask.” The umask variable assigns the default permissions to

be used, on a user by user basis, when a file is created.

On the surface, the umask system looks a bit complex. By typing umask into a
console windows, you’ll see how umask is currently set for your user. Most
likely, it’s set at 022, allowing the owner read, write and execute access, the
group and all others read and execute permissions.

If you read that last paragraph closely, you’re already starting to catch on to
the seemingly tricky umask convention. It takes into account the same set of
possible users as the normal permissions structure: owner, group and world. The
difference is in how the settings are numerically represented.

umask uses the following numbers for permissions:

    0 – read, write and execute
    1 – read and write
    2 – read and execute
    3 – read only
    4 – write and execute
    5 – write only
    6 – execute only
    7 – no permissions

Now, let’s apply this to the default we noted above: 022. The first bit is the
owner bit. Set to 0, the owner will, by default, have read, write and execute
permissions on any file created with the 022 umask variable. The second bit is
the group bit. With the umask set to 2 for the group bit, anyone in the group
will be able to read and execute the file, but not write to it. In this case,
the other (or world) bit is also set to 2, granting the same permissions as the
group.

So how do you tweak your umask settings? Simple. Enter the command umask
followed by the new default permissions:

    tony@valhalla ~ $ umask 027

This value would set the following permissions on all files I create going
forward:

    owner – read, write and execute
    group – read and execute
    world – no permissions; cannot read, write or execute

Remember, if you chosse to tweak this setting, it will affect the permissions on

all the files you create going forward. Don’t forget that you’re setting the
default permissions when setting umask.

It’s another fine example of the complete configurability of Linux. You didn’t
know penguins were so flexible, did you?

Article Written by