Umask Command - Set File Mode Creation Mask

Understand and set the umask command to control file permissions for new files and directories. Learn how to secure your system with the umask utility.

Umask Command

Understanding the Umask Command

The umask command in Linux and Unix-like systems is crucial for controlling the default file permissions that are assigned to newly created files and directories. It acts as a "user mask" or "file mode creation mask," specifying which permission bits should be turned OFF when a new file or directory is created. This is a fundamental aspect of system security and user privacy.

How Umask Works

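When a new file or directory is created, the system typically starts with a default set of permissions (e.g., 666 for files and 777 for directories). The permission bits set in the umask are then cleared from these defaults to determine the final permissions. This is a bitwise mask rather than arithmetic subtraction, although for the common values shown here the two give the same result. For example, if the umask is 0022: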

  • For files: 666 (rw-rw-rw-) - 022 (----w--w-) = 644 (rw-r--r--)
  • For directories: 777 (rwxrwxrwx) - 022 (----w--w-) = 755 (rwxr-xr-x)

A common and recommended umask for enhanced security is 0077. This setting ensures that new files are created with 600 (owner read/write) permissions and directories with 700 (owner read/write/execute) permissions, effectively preventing group and other users from accessing them.
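An added example (not from the original page) that checks the rule above against real files: it predicts each mode as "base AND NOT mask" and compares that with what touch and mkdir actually produce in a scratch directory. The function names predicted_mode and created_mode are illustrative, and the mask 0033 is included as a constructed case where clearing bits gives 644 even though literal octal subtraction would suggest 633.

```sh
#!/bin/sh
# Illustrative helpers; the names and the 0033 case are assumptions of this example.

# predicted_mode MASK file|dir -> octal mode computed as base & ~MASK
predicted_mode() (
    case "$1" in ''|*[!0-7]*) echo "mask must be octal" >&2; exit 2 ;; esac
    case "$2" in
        file) base=0666 ;;   # regular files are requested without execute bits
        dir)  base=0777 ;;
        *)    echo "usage: predicted_mode MASK file|dir" >&2; exit 2 ;;
    esac
    # Clear every bit that is set in the mask (not an arithmetic subtraction).
    printf '%03o\n' $(( $base & ~0$1 ))
)

# created_mode MASK file|dir -> octal mode of an object really created under MASK
created_mode() (
    tmp=$(mktemp -d) || exit 1          # scratch dir made before the mask changes
    umask "$1" || { rm -rf "$tmp"; exit 2; }
    case "$2" in
        file) touch "$tmp/probe" ;;
        dir)  mkdir "$tmp/probe" ;;
        *)    rm -rf "$tmp"; exit 2 ;;
    esac
    # GNU stat first, BSD/macOS stat as a fallback.
    mode=$(stat -c %a "$tmp/probe" 2>/dev/null || stat -f %Lp "$tmp/probe")
    rm -rf "$tmp"
    printf '%s\n' "$mode"
)

# Both functions run in subshells, so the caller's own umask is never changed.
printf '%-6s %-5s %-9s %s\n' umask type predicted created
for m in 0022 0027 0077 0033; do
    for t in file dir; do
        printf '%-6s %-5s %-9s %s\n' "$m" "$t" \
            "$(predicted_mode "$m" "$t")" "$(created_mode "$m" "$t")"
    done
done
```

A mismatch between the two columns on a real system usually means something other than the umask is shaping permissions, such as a default ACL on the parent directory.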

Setting and Displaying Umask

You can use the umask command in two primary ways:

  • To set the umask: umask [octal_value]. For instance, umask 0077 sets the mask to restrict permissions. The leading zero is optional unless specifically needed.
  • To display the current umask: Simply type umask without any arguments.

The umask setting applies to the current shell session and is inherited by the processes started from it. For persistent changes, you would usually configure it in shell startup files like .bashrc or .profile.

# umask
# Display or set file mode mask

# Unless configured otherwise, this will set the umask ("user mask" or "file
# mode creation mask") for only the current user, and only his or her current
# session. The (one) leading zero is optional, unless you otherwise need it.
#
# This umask setting is actually recommended for security by major Linux distributions
# like RHEL, Debian and Arch Linux.
#
# The result of '0077' being -- and I'll use standard octal with which we're
# all probably familiar -- that all new files are created using the '600'
# permissions, and directories are '700'.
#
# Remember, the standard format means 4=read, 2=write, and 1=execute.
# The umask uses the same digits, but inverted: each bit set in the mask is
# removed from the result, so a umask of '077' gives 700 for directories and
# correctly lowers to 600 when it's just a file.
umask 0077

# Akin to above, but instead, output the current umask setting.
umask

External Resources