The user file creation mode mask (umask) is a built-in shell command that may be used to set default values for the read/write/execution permissions on newly created files. It should be executed in either the “.cshrc” or “.profile” shell startup files.
It is given a three-digit octal value, which represents the binary inverse of the permissions which may be assigned to files. This three-digit numeric argument represents the access to be “inhibited” or “masked out” when a file is created.
When a file is created, its permissions are set to what the creating program asks for minus what the “umask” setting forbids. Thus, the value it wants is the octal complemnt of the desired numeric file mode. The digits give the permissions shown below:
| Octal | Binary | Permissions |
|---|---|---|
| 0 | 000 | rwx |
| 1 | 001 | rw- |
| 2 | 010 | r-x |
| 3 | 011 | r– |
| 4 | 100 | -wx |
| 5 | 101 | -w- |
| 6 | 110 | –x |
| 7 | 111 | (none) |
Changing the “umask”
To determine the desired value, simply figure out the numeric equivalent for the file mode you want to get and then subtract it from 777.
For example, to obtain the mode 751 by default, compute 777-751=026 – this is the value you give to “umask”
% umask 026
Once this command is executed, all future files created will be given this protection automatically.
Another to calculate “umask” values is to remember that the number 2 in the “umask” turns off write permission, while the number 7 turns off read, write and execute permission.
Common “unmask” Values
By default, most UNIX versions specify an octal mode of 666 (any user can read or write the file) when they create new files. Likewise, new programs are created with a mode of 777 (any user can read, write, or execute the program).
The most common umask values are 022, 027, and 077. A umask value of 022 lets the owner both read and write all newly created files, but everybody else can only read them:
- 0666: Default file creation mode.
- 022: resultant mode.
- 0644: resultant mode.
A umask value of 077 lets only the files owner read all newly created files:
- 0666: Default file creation mode.
- 077: umask.
- 0600: resultant mode.
On many UNIX systems, the default umask is 022. This is inherited from the init process, as all processes are descendants of init.
Table of common umask settings
| umask | User Access | Group Access | Other |
|---|---|---|---|
| 0000 | all | all | all |
| 0002 | all | all | read, execute |
| 0007 | all | all | none |
| 0022 | all | read, execute | read, execute |
| 0027 | all | read, execute | none |
| 0077 | all | none | none |