Umask (a shortcut of user-file creation mode mask) is a Linux command that sets permissions for a file or directory users create. Linux uses this fundamental command to set the default permissions. When creating a new file or directory, the umask command determines the initial access level. We can count umask as a function that sets the mask, which is known as the file mode creation mask.
The next paragraphs will explain how Umask works and how to use the command with the values in different scenarios. Let’s get started!
Table of Contents
How does Umask work, and what is Syntax?
Umask works that way in that the mask is a grouping of bits, each of which restricts the corresponding permissions when the new file of directory is created. The bits in the umask command can be changed by invoking the umask command. The syntax of the umask command is the following one:
umask [OPTION]... [MODE]
Executing this command without arguments or options will return the current value. Let’s implement it:
umask
You should get output with bits like this:
root@host:~# umask 0022
This is the default mask value in many Linux distributions, and if you did not know anything about the umask command before, you probably would not know how to change it so that the fault value would be returned.
Understanding the Umask value
Now, let’s explain this value 0022 in more detail and what it actually means. When the file is created, the default permissions are set to 644; when the directory is created, the permissions are set to 755. If you wonder where these values come from, you will see in the next paragraph.
The umask value is a three-digit number where each digit is a combination of permissions:
0: read, write, and execute 1: read and write 2: read and execute 3: read only 4: write and execute 5: write only 6: execute only 7: no permissions
The full permissions for files are 666(read/write permission for all), and for directories, 777 (read/write/execute). So if the umask has its default value, we are subtracting the full permissions and the umask number:
For files: 666 - 022 = 644 For directories: 777 - 022 = 755
Now that this is clear, we can tell you how the umask default value can be changed. To change the umask value to 027, execute the following command:
umask 027
After changing it, execute the umask command again without arguments, and you will get the following output:
root@host:~# umask 0027
Let’s create a file now after we change the default umask value.
touch example.txt
Once created, list the file:
ls -alh example.txt
You will get the following output:
root@host:~# ls -alh example.txt
-rw-r----- 1 root root 0 Oct 2 example.txt
As you can see, the permissions are 640(rw-r—–) because (666 – 027 = 639 ~ 640).
Let’s create now a directory:
mkdir test ls -alh test/
You should get the following output:
root@host:~# ls -alh test/
total 8.0K
drwxr-x--x 2 root root 4.0K Oct 2 .
The permissions are 750(rwxr-x—), because (777 – 027 = 750).
Please note that the valid umask values can range from 000 to 777. For example, this is an invalid umask value:
umask 800
You will get the following output:
root@host:~# umask 800 -bash: umask: 800: octal number out of range
Here is a table briefly explaining the permission value and meaning.
| Permissions | Binary Value | Octal Value | Description |
| — | 000 | 0 | No permissions |
| –x | 001 | 1 | execute |
| -w- | 010 | 2 | write |
| -wx | 011 | 3 | write and execute |
| r– | 100 | 4 | read |
| r-x | 101 | 5 | read and execute |
| rw- | 110 | 6 | read and write |
| rwx | 111 | 7 | read, write and execute |
More About the Umask command
If you want to know more about the Umask command, you can execute the following command:
man umask
You should get the following output:
mask(2) System Calls Manual umask(2)
NAME
umask - set file mode creation mask
LIBRARY
Standard C library (libc, -lc)
SYNOPSIS
#include
mode_t umask(mode_t mask);
DESCRIPTION
umask() sets the calling process's file mode creation mask (umask) to mask & 0777 (i.e., only the file permission bits of mask are used), and returns the previous value of
the mask.
The umask is used by open(2), mkdir(2), and other system calls that create files to modify the permissions placed on newly created files or directories. Specifically, per‐
missions in the umask are turned off from the mode argument to open(2) and mkdir(2).
Alternatively, if the parent directory has a default ACL (see acl(5)), the umask is ignored, the default ACL is inherited, the permission bits are set based on the inher‐
ited ACL, and permission bits absent in the mode argument are turned off. For example, the following default ACL is equivalent to a umask of 022:
.
.
.
.
You will get a complete description of it.
That was it. You learned some basic and important information about the umask command on Linux OS. Of course, if you have an issue with the command, you can always contact our technical support, and our admins will help you immediately. We are available 24/7 for anyone using our Linux servers.
If you liked this post about what Umask is in Linux and how to use it effectively, please share it with your friends or leave a comment below.