The default permission setting in Linux: about umask


When a user creates a file, the file gets default ownership and permissions. The default owner is, unsurprisingly, the user who created the file. The default group is that user's primary group.

The default permissions are configurable. They are defined by umask, the user mask, which is set with the umask command. The command takes an octal value representing the bits that will be removed from 777 when a new directory is created, or from 666 when a new file is created (remember, in Linux, directories are also a kind of file).

The table below shows the effect of possible values for umask:

umask   Files created with permissions   Folders created with permissions
000     666 (rw-rw-rw-)                  777 (rwxrwxrwx)
002     664 (rw-rw-r--)                  775 (rwxrwxr-x)
022     644 (rw-r--r--)                  755 (rwxr-xr-x)
027     640 (rw-r-----)                  750 (rwxr-x---)
077     600 (rw-------)                  700 (rwx------)
277     400 (r--------)                  500 (r-x------)

How to understand umask more easily

To understand it more easily, note that umask takes permissions away from 777 or 666: umask is the removal of some bits. Any bit set in umask is removed from the final permissions of the files and folders that the user creates from then on.

Another way to understand umask is the symbolic representation. Let's ignore umask for a moment: a file is created by default with 666 (octal), which corresponds to rw-rw-rw- (the symbolic representation). In the table above, the octal umask value 022 corresponds to the symbolic representation ----w--w-. With this umask setting, the write permission is removed from the group and from others. Thus, when the umask value 022 is applied, the newly created file's permissions will be 644 (octal) or rw-r--r-- (the symbolic representation).

The octal and symbolic forms of the calculation described in the paragraph above:

• octal: 666 - 022 = 644 (644 will be the default permission with which new files are created) or 777 - 022 = 755 (755 will be the default permission with which new directories are created)

• symbolic: rw-rw-rw- minus ----w--w- results in rw-r--r-- (or 644, for files);
rwxrwxrwx minus ----w--w- results in rwxr-xr-x (or 755, for directories)
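
The following shell script is an added example, not part of the original article: it computes each result as a bit mask (base AND NOT umask), creates a real file and directory under every umask value from the table above, and prints plain octal subtraction beside them. The function names are made up for this example; for 027, 077 and 277 the subtraction column differs from the real file mode, which is why umask is best read as bit removal.

```sh
#!/bin/sh
# Added example (not from the original article). Function names are hypothetical.

# predicted_mode BASE UMASK
# Mode a new object gets: every bit set in UMASK is cleared from BASE
# (666 for files, 777 for directories), i.e. BASE AND NOT UMASK.
predicted_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# subtracted_mode BASE UMASK
# Plain octal subtraction, shown only to compare against the real result.
subtracted_mode() {
    printf '%03o\n' $(( 0$1 - 0$2 ))
}

# created_mode f|d UMASK
# Creates a file (f) or directory (d) in a scratch directory under UMASK
# and prints the permissions the system actually assigned to it.
created_mode() {
    (
        dir=$(mktemp -d) || exit 1
        umask "$2"
        if [ "$1" = d ]; then mkdir "$dir/new"; else : > "$dir/new"; fi
        mode=$(stat -c '%a' "$dir/new")   # GNU/BusyBox stat, as found on Linux
        rm -rf "$dir"
        printf '%03o\n' $(( 0$mode & 0777 ))
    )
}

# Walk the umask values from the table in the article.
for mask in 000 002 022 027 077 277; do
    printf 'umask %s  file: mask=%s real=%s subtract=%s   dir: mask=%s real=%s\n' \
        "$mask" \
        "$(predicted_mode 666 "$mask")" "$(created_mode f "$mask")" \
        "$(subtracted_mode 666 "$mask")" \
        "$(predicted_mode 777 "$mask")" "$(created_mode d "$mask")"
done
```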

Ordinary users can run the umask command to change the permissions of the new files and folders they create. The root user can also change the default setting for all users on the system by editing a configuration file. Normally, the /etc/profile file contains the umask command.

Most Linux distributions use 002 or 022 for umask.

Practical examples of umask

To find out which umask value your distribution uses, enter the umask command without any parameter. The umask value is displayed with 4 digits (the first represents the octal value for SUID, SGID or the sticky bit):

umask
0022

To change the umask value, use the full four-digit octal code. Remember to double-check that these are the bits you want to remove from the file and directory permissions. Enter the umask command followed by the desired code on the same line:

umask 0002
umask
0002

Entering the umask command with the -S flag displays, in symbolic form, the permissions with which new directories will be created:

umask -S
u=rwx,g=rwx,o=rx
