Controlling Initial File / Directory Permissions
When new files and directories are created in Linux, default permissions are initially set. These permissions are calculated by taking the default permissions of the files/directories created and subtracting the umask value from it. The umask is a four-digit octal number that represents the value of permissions that will be masked out. In other words, permissions specified in the umask represent the permissions that will be automatically withheld when you create a new file.
Files and directories have different default permissions when they are created. The default permissions applied to files is 666. For directories, the default permissions are 777. The following example illustrates the process of how initial file permissions are calculated:
666 Default File permission. -002 Umask value ---- 664 Initial file permission (rw-rw-r--)
Viewing and Setting the umask Value
The umask command is the utility that is provided to view or change the current umask. The umask comes preset in configuration files and to view the current umask issue the command without any options:
$ umask 0002
The umask may be changed at any time simply by typing umask followed by the new desired value:
$ umask 0022 $ umask 0022
The root users’ account has a default umask of 0022 subsequently, all files created by root have default permissions of 644 (rw-rw-r–) allowing only read access to anyone other than root.