≡ Menu

What is Umask and How To Setup Default umask Under Linux?

Anil ask a question (via email):

What is umask and how is it determined on a Linux system?

When user create a file or directory under Linux or UNIX, she create it with a default set of permissions. In most case the system defaults may be open or relaxed for file sharing purpose. For example, if a text file has 666 permissions, it grants read and write permission to everyone. Similarly a directory with 777 permissions, grants read, write, and execute permission to everyone.

Default umask Value

The user file-creation mode mask (umask) is use to determine the file permission for newly created files. It can be used to control the default file permission for new files. It is a four-digit octal number. A umask can be set or expressed using:

  • Symbolic values
  • Octal values

Procedure To Setup Default umask

You can setup umask in /etc/bashrc or /etc/profile file for all users. By default most Linux distro set it to 0022 (022) or 0002 (002). Open /etc/profile or ~/.bashrc file, enter:
# vi /etc/profile
$ vi ~/.bashrc
Append/modify following line to setup a new umask:
umask 022
Save and close the file. Changes will take effect after next login. All UNIX users can override the system umask defaults in their /etc/profile file, ~/.profile (Korn / Bourne shell) ~/.cshrc file (C shells), ~/.bash_profile (Bash shell) or ~/.login file (defines the user's environment at login).

Explain Octal umask Mode 022 And 002

As I said earlier, if the default settings are not changed, files are created with the access mode 666 and directories with 777. In this example:

  1. The default umask 002 used for normal user. With this mask default directory permissions are 775 and default file permissions are 664.
  2. The default umask for the root user is 022 result into default directory permissions are 755 and default file permissions are 644.
  3. For directories, the base permissions are (rwxrwxrwx) 0777 and for files they are 0666 (rw-rw-rw).

In short,

  1. A umask of 022 allows only you to write data, but anyone can read data.
  2. A umask of 077 is good for a completely private system. No other user can read or write your data if umask is set to 077.
  3. A umask of 002 is good when you share data with other users in the same group. Members of your group can create and modify data files; those outside your group can read data file, but cannot modify it. Set your umask to 007 to completely exclude users who are not group members.

But, How Do I Calculate umasks?

The octal umasks are calculated via the bitwise AND of the unary complement of the argument using bitwise NOT. The octal notations are as follows:

        • Octal value : Permission
        • 0 : read, write and execute
        • 1 : read and write
        • 2 : read and execute
        • 3 : read only
        • 4 : write and execute
        • 5 : write only
        • 6 : execute only
        • 7 : no permissions

Now, you can use above table to calculate file permission. For example, if umask is set to 077, the permission can be calculated as follows:

BitTargeted atFile permission
0Ownerread, write and execute
7GroupNo permissions
7OthersNo permissions

To set the umask 077 type the following command at shell prompt:
$ umask 077
$ mkdir dir1
$ touch file
$ ls -ld dir1 file

Sample outputs:

drwx------ 2 vivek vivek 4096 2011-03-04 02:05 dir1
-rw------- 1 vivek vivek    0 2011-03-04 02:05 file

Task: Calculating The Final Permission For FILES

You can simply subtract the umask from the base permissions to determine the final permission for file as follows:
666 - 022 = 644

  • File base permissions : 666
  • umask value : 022
  • subtract to get permissions of new file (666-022) : 644 (rw-r--r--)

Task: Calculating The Final Permission For DIRECTORIES

You can simply subtract the umask from the base permissions to determine the final permission for directory as follows:
777 - 022 = 755

  • Directory base permissions : 777
  • umask value : 022
  • Subtract to get permissions of new directory (777-022) : 755 (rwxr-xr-x)

How Do I Set umask Using Symbolic Values?

The following symbolic values are used:

  1. r : read
  2. w : write
  3. x : execute
  4. u : User ownership (user who owns the file)
  5. g : group ownership (the permissions granted to other users who are members of the file's group)
  6. o : other ownership (the permissions granted to users that are in neither of the two preceding categories)

The following command will set umask to 077 i.e. a umask set to u=rwx,g=,o= will result in new files having the modes -rw-------, and new directories having the modes drwx------:
$ umask u=rwx,g=,o=
$ mkdir dir2
$ touch file2
$ ls -ld dir2 file2

Sample umask Values and File Creation Permissions

If umask value set toUser permission Group permissionOthers permission
027allread / executenone

all = read, write and executable file permission

Limitations of the umask

  1. The umask command can restricts permissions.
  2. The umask command cannot grant extra permissions beyond what is specified by the program that creates the file or directory. If you need to make permission changes to existing file use the chmod command.

umask and level of security

The umask command be used for setting different security levels as follows:

umask valueSecurity levelEffective permission (directory)

For more information about the umask read the man page of bash or ksh or tcsh shell:
man bash
help umask
man chmod

Updated for accuracy!

Share this on:

{ 103 comments… add one }

  • Dmitry February 7, 2007, 2:53 pm

    Reply from text:
    To calculate file permission for 022 (root user):
    Default Permissions: 777

    To calculate directory permission for 022 umaks (root user):
    Default Permissions: 666

    It’s wrong, isn’t it?
    The right answer is:

    To calculate _file_ permission for 022 (root user):
    Default Permissions: _666_
    To calculate _directory_ permission for 022 umaks (root user):
    Default Permissions: _777_

    • Deepak February 25, 2011, 1:30 pm

      You are right. I had this doubt and was going over and over more than once. It is a typo.

  • WGriffin March 8, 2007, 2:00 pm

    The title says “How to setup default umask”
    You never mention how to actually set the default up.

  • nixCraft March 8, 2007, 3:11 pm


    Opps. Post has been updated. Thanks for heads up!

  • RAHUL January 1, 2008, 3:10 pm

    Yes Guy !

    Its an excellent site for newbie.
    I like it most…

    I think its help all Linuxx user.

  • ahmed March 28, 2008, 4:44 am

    thanks. very helpful

  • posicionamiento June 9, 2008, 3:53 pm

    thanks guys….
    I like such short tutorials …;)

  • niez June 25, 2008, 7:50 pm

    Hi there!

    I’ve tried changing umask on my GNU/Linux box (Gentoo). Is’s look like 0000 and 0111 is the same mask. What’s going on?

  • Raghu June 27, 2008, 1:14 pm

    Default (initial) Run level for root?

  • Sunny Thakur June 30, 2008, 10:16 am

    I have done this thing 3 times….but not any affect on umask default permissions.
    i used :
    # umask 0077 command for temporarily umask….

  • sushil September 17, 2008, 6:28 am

    permissions for files are as follows

    777 – Executable files
    666 – Text files

  • Freebsd_man December 6, 2008, 4:34 pm

    You say: For directories, the base permissions are (rwxrwxrwx) 0777 ….

    and then you calculated:

    To calculate directory permission for 022 umaks (root user):
    Default Permissions: 666

    nonsense ?

  • georgh January 8, 2009, 11:34 pm

    I know this is a very old post, but I would like to correct one thing if someone lands here from a search engine:

    According to the DebianDesktopHowTo the value for UMASK has to be changed in both /etc/profile and /etc/lgin.defs. This howto has a specific section about permissions in a shared computer.

    Thanks for posting this.

  • georgh January 8, 2009, 11:34 pm

    I meant login.defs.


  • jeet January 27, 2009, 10:20 am

    but again que is that can we change the default permission permanently? tell now

  • Caleb Cushing ( xenoterracide ) February 26, 2009, 12:40 pm

    0027 all r/w none

    um… this would be all r/x none

    removing 2 removes write.

  • Steven March 3, 2009, 10:11 am

    Hello guys, thanx for your valuable input however i need to make the php files created by my app rwxrwxr– by default.

    How can I get to do that?

  • navin March 9, 2009, 5:33 am

    very helpful thanks a ton

  • Umask Executable March 17, 2009, 6:44 pm

    Steven: Umask cannot typically be used to default new files to executable. You need to use chmod instead.

  • KAPIL AHIRE April 10, 2009, 7:37 am


  • Abhinav Chittora May 4, 2009, 7:33 pm

    I am using fedora9 and having trouble with system. when I create a file as root then the file have permission rw-rw—- I have to change permission each time….

    I want to change umask but when I tried it with umask 000 then the default permission are rw-rw-rw- not rwxrwxrwx. I want the permission rwxrwxrwx how to set it as default?

  • kailas kadam May 5, 2009, 6:54 am

    this is very good site to understand umasks

  • senthilkumar.k June 18, 2009, 5:04 am

    The umask explanation is very useful for beginners
    note :
    directory default mask : 022
    permission ( means rwx) : 777
    actual permission value is : 777 – 022 = 755

  • doug June 19, 2009, 1:34 pm

    execute permission is never defaulted on a file (hence 666 base) … it is defaulted for a directory (hence 777 base) so access to the directory is there.

    so 027 does result in all r/w none for a file but all r/w/x none for a diretory.

  • doug June 19, 2009, 1:36 pm

    for a file 000 and 111 are the same as 111 masks off execute permission and the base permission is 666 – 000 === 666 – 111.

  • doug June 19, 2009, 1:39 pm

    oops 027 for a file is all r none no ‘w’

  • kurinchi blogger June 30, 2009, 3:24 am

    To return the default permission setting type umask with no options
    $ umask

    Having known the umask value, try creating a directory and a file and check what the file settings are

    $ mkdir tempdir1

    $ ls -l
    drwxr-xr-x 2 root root 4096 2009-06-29 10:42 tempdir1

    $ touch tempfile1

    $ ls -l
    drwxr-xr-x 2 root root 4096 2009-06-29 10:42 tempdir1
    -rw-r–r– 1 root root 0 2009-06-29 10:43 tempfile1

    Change the umask and again create a directory and a file and check the file permission settings

    $ umask 027
    $ umask

    $ mkdir tempdir2
    $ ls -l
    total 12
    drwxr-x— 2 root root 4096 2009-06-29 10:40 tempdir2

    Now the directory tempdir2 has a permission setting of 750

    $ touch tempfile2
    $ ls -l
    drwxr-x— 2 root root 4096 2009-06-29 10:40 tempdir2
    -rw-r—– 1 root root 0 2009-06-29 10:40 tempfile2

    Now the file tempfile2 has a permission setting of 640

    Now, let us see how the file permission settings are calculated using boolean expressions after we have issued a umask with 027.

    For the directories, you need to take the 1’s complement of the umask value and perform a logical AND operation with 0777.

    For e.g. consider the case where we have umask value of 027 – 0000 0000 0010 0111
    1’s complement of 027 – 1111 1101 1000

    For directories perform logical AND operation with 0777 (0000 0111 0111 0111). So

    1111 1101 1000 (1’s complement of 027)
    0111 0111 0111 (0777)
    0111 0101 0000 = 0750

    For files, perfom logical AND operation with 0666 (0000 0110 0110 0110), so

    1111 1101 1000 (1’s complement of 027)
    0110 0110 0110 (0666)
    0110 0100 0000 = 0640

    Try different combinations on files, directories to get a clear picture on how umask is applied on files.

    • boilermaker October 12, 2011, 4:19 pm

      Now there’s an explanation which makes total sense :)
      Thanks Vivek, for inaugurating the topic. And thanks kurinchi blogger for explaining it fully.
      I was getting hung up on Vivek’s post where he says – to calculate file permissions, subtract umask from 666 – the default permission for file. Except that sometimes umasks can be like 027, in which case you get a -ve number in the last octal?
      “You can simply subtract the umask from the base permissions to determine the final permission for file as follows:
      666 – 022 = 644”

  • vipin July 25, 2009, 11:18 am

    thanks sir

  • Dinesh Jadhav August 4, 2009, 7:33 am

    Hey all,
    In /etc/profile is not accepting umask, You have to change in /etc/bashrc,

    ther is a string umask 002 and umask 022 we have to cahnge that.

    thats it…….

  • Zia September 28, 2009, 4:36 am

    Can we set umask values to 008 , if not why ?

    Could you please answer this question .

    • Harshit February 28, 2012, 11:32 am

      umask values are in octal.
      8 no. doesnt inlude in octal.
      thats y..!!

      • Nima March 19, 2013, 1:04 pm

        Good One ..Simple

  • Matt September 28, 2009, 9:17 pm

    Subtract 8 from 7, what do you have? -1. That’s not valid.

  • Amit September 29, 2009, 9:14 pm

    How can we convert .txt file into .sh file in unix , please answer.

  • kymera October 19, 2009, 9:12 pm

    How can I set the default umask for users that are authenticated via Winbind connection?

  • ritz October 26, 2009, 4:07 am

    Hello, i’m a computer science student.
    I needed a C language program for unmasking file permission.

  • pallavee November 23, 2009, 5:34 am

    why umask value doesnot effect on home directory? Please help

  • Claude December 3, 2009, 2:40 pm

    How to setup umask for users that can’t login (/sbin/nologin) like the “apache” user?

  • dORKO! March 30, 2010, 7:25 pm

    zia, matt,

    these are octal digits, you can not have a legitimate digit with value 8, only 0-7.

  • CT June 5, 2010, 2:22 pm

    Isn’t that:
    the default permission for directory is 777 while
    the default permission for file is 666???

    For file, if we do umask 077 or umask 066, we will get the same result???

    Isn’t that we can never create a file with “x” permission pre-set?

    I’m not tricking you,
    I really want to ask.
    I’m only a student who forgot almost everything my teacher taught (:P)
    I just remember a little bit, and just checked on this on…

    Please tell me if I’m wrong.. would love to correct my mind ^^
    Best regards,

  • rajib July 19, 2010, 8:42 pm

    Hi kurinchi blogger i didn’t get that compliment method can u just help me on that ………….

  • sreedhar November 3, 2010, 8:31 am

    What a nice tutorial

  • yer32 November 27, 2010, 2:48 pm

    the math involved with umask need to be done in bin not octal base. here it is
    apply umask 033 to default file permissions.
    default file permissions 666
    default folder permissions 777
    0666 =
    0033 =
    make complement of 0033 (consist in change all 0 to 1 and all 1 to 0)
    complement of 0033 =
    no apply AND between the default permission and the complement
    (AND result 1 when both are 1 or 0 if any are 0)
    default perms of 666 =
    complement of 0033 =
    AND result =

    now convert the result to octal
    this is to show that the operation is not using octal, it is using binary instead.

    • Harshit February 28, 2012, 11:45 am

      in this all stuff, operations are done using AND logic.
      logical operations are always done using binary value.
      octal is for our easiness calculation.
      but in kernel all octal value first convert in binary then logical AND operation perform.

  • pdk February 25, 2011, 6:57 am

    In your last example, if umask value is 077 and default permission is 777 then the newly created value should have permission 700, that is the the file should be rwx by the owner, but in your case the permission bits 600.

    IN the table, the last entry if umask value is 0027 and default value is 777, then the file should have permission 750 i.e. group should have read and execute permission ,but you wrote r/w permission.

    Correct me if I am wrong.

  • themoon49 March 1, 2011, 4:59 pm

    Hay Post’s owner thanks for your explaining

  • sameerdhiman March 16, 2011, 7:59 am

    Thank you for such a short and to the point write up. This helped a lot.

    Thanks again.

  • Kiteman June 23, 2011, 7:56 am


    How to implement a umask when using a program in a batch mode, when .profile or .bashrc is not loaded ?

    Thanks for your help.


  • Bishnu September 7, 2011, 4:18 pm

    Very Useful. Thanks a lot.

  • Lawson September 8, 2011, 6:19 pm

    I love this post keep it up please i need more tutorials about this cause i jst learnt it thanks!

  • Ashish Jaiswal September 22, 2011, 6:50 am

    There is a basic simple idea to calculate the umask

    1) For file permission it is 666
    2) For Directory Permission it is 777

    So any umask setting is there just subtract it from the above mentioned values.

    As an example

    umask is set as 022

    Then directory permission would be 777 – 022 so i.e 755
    and file permission would be like 666 – 022 so i.e 644

    As simple as this

    you can put this value in /etc/bashrc /etc/login.defs or ./bashrc

    Please post me if you have any more doubts on this

    • boilermaker October 27, 2011, 4:49 pm

      Hey Ashish
      Say the umask is 027. How would you apply that to determine file permissions?

      • Ashish October 27, 2011, 4:59 pm

        Hello boilermaker,

        I guess you have asked the same question, above in the same article…still you are not satisfied let me know about it…I will help you out..

        • Harshit February 28, 2012, 12:20 pm

          Hey Ashish,

          U r bit of right but this trick not work in all value, b’coz its partion right.
          let’s get one example,
          take umask value = 0033

          now form your point of view the file permission would be 0666-0033 = 0633

          but its wrong,
          b’coz kernel doing AND opeation betweed file/directory default value and 1’ns complement of umask value.
          i.e. 0666 000 110 110 110
          0033 000 000 011 011 —> 1’ns compl 111 111 100 100
          AND opration 000 110 100 100 i.e 0644
          thats why file permission would be 0644
          ie -rw-r–r–

          this is general way to find file permission. u may run it practically..
          thank you…
          Harshit Patel

  • freddie barron September 28, 2011, 9:03 am

    Ashish Jaiswal i agree with you 100% Then directory permission should always be 777 – 022 so i.e 755 while the file permission should be 666 – 022 so i.e 644

  • vijay November 7, 2011, 3:57 am

    what is yhe u mask vllue for dir

  • vulna November 11, 2011, 7:24 am

    how can i set permission for folder which mount to drive to each user can not delete or modify other’s file and folder?
    For instance in fstab:
    /dev/sdb1 /any_where vfat uid=…,gid=…,umask=0002 0 0
    Like as we use chmod -R +t folder to set permission to folder look like: drwxr-xr-t
    So where and what i have to add parameter?

  • illimar November 22, 2011, 5:03 pm

    Hey, can You please tell me how do I set umask for a certain user under Ubuntu? I do not want to set a global umask.

  • milli December 14, 2011, 6:27 pm

    how can we change the Default value of Umask permanently?????
    help me…..

  • usman maan January 8, 2012, 5:35 pm

    how to change umask value permanently in opensuse linux??????
    plz reply……fast as u can………

  • Jim Trigg January 24, 2012, 8:50 pm

    The final table has three errors. The first three rows calculate “7 – 2 = 4” where they should calculate “7 – 2 = 5”. So the values in the final column should be 755, 751, 750, 700.

  • andres February 23, 2012, 2:48 pm

    Hi, is there anyway to check if umask is already applied on a directory without creating a file an check the permissions?


  • Ashish Jaiswal February 23, 2012, 3:54 pm

    Hello Andres,
    I guess you can check in login.defs file what umask you have right now..
    umask is not specific for any directory or any file. I guess it applies on user basis

    • Harshit February 28, 2012, 12:33 pm

      hello Ashish,
      where can I find “login.defs” file? in which directory??

      • Richard August 11, 2012, 6:25 am

        It is in /etc/login.defs

  • Harshit February 28, 2012, 12:37 pm

    how to permanently change default umask value…

    in local user i always see 0002 value, how can I change it permanently to 0044…???

    • Harshit March 16, 2012, 5:23 pm

      oh post is updated.. thanx for updating and solve my doubt…

  • Latha March 9, 2012, 7:17 am

    Thanq guys nw im cleared about this

  • immaqulate April 10, 2012, 5:09 am

    Thnx guyz 4 everythn i apprecia8

  • Naresh Kumar May 3, 2012, 6:53 am

    My very long doubt about umask is cleared now ;)

    Thanks a lot for giving such brief explanation with simple words.

  • Thamizharasan P August 21, 2012, 4:47 am

    Thank You. Its very helpful for me…

  • Hamid September 25, 2012, 5:18 pm

    Good and to the point information about umask and file permissions.

  • Pawan Kumar Sharma September 25, 2012, 5:37 pm

    Hi Vivek/All,

    Just wondering No one here asked for “0” in first field ,

    0777 for directory as mentioned above, stands as default permission, where the

    2nd Field:- Denote Default permission for User
    3rd Field:- Denote Group
    4th Filed:- Denote Others

    how about the 1st Field ?

    Its stands for special permission like SUID/GUID/ Sticky bit/ chattar etc,and represent that, the special permission remains intact and independent of umask set.

    Caring is sharing, inputs are welcome.

  • sheno October 3, 2012, 9:28 pm

    thank u too much dear sir

    actually i am a beginner in Linux and your post show me so informative info. with a great style thank you a lot.

    actually while reading the equation which make a relations between the base permission and the umask which give us the new file permission as it mentioned above in this example .
    **** Task: Calculating The Final Permission For FILES ***

    You can simply subtract the umask from the base permissions to determine the final permission for file as follows:
    666 – 022 = 644

    File base permissions : 666
    umask value : 022
    subtract to get permissions of new file (666-022) : 644 (rw-r–r–)

    so i think this mechanism is not a substract but i think we can called it ANDING

    i built my conclusion after i transfer first the base permission to this form

    666 = rw- rw- rw-
    then i made smae style to the umask 022= rw- r– r–

    then i transfer the two input to the binary values

    110 110 110
    110 100 100
    and i applyed the anding and as we know anding ( 1 and 1 = 1 while 0 and any thing is zero )

    so the result of anding is

    110 100 100

    the result is the permission for the new file so now lets transfer it to symbolic way

    rw- r– r–

    so in my view its ANDING mschanism not a SUBSTRACT .

    thank u too much sir i am so happy to learn many information from your post.

  • Yordan Georgiev October 10, 2012, 7:05 am

    Probably the shortest, cleanest and easiest explanation of the umask concepts found on the Net. Thank you !!!

  • Srinath Kattula November 11, 2012, 6:52 pm

    how about subtracting 027 from 666 ? as u told that we need to subtract as though we were to subtract decimal numbers,then 666 – 027 will give you 639.and as a matter of fact we cant express number >8 in octal.help appreciated in advance.

  • Jyoti Nagpal December 5, 2012, 12:39 pm

    in the above table Octal value : Permission according to me
    0 : read, write and execute i think 0 for none
    1 : read and write 1 for execute
    2 : read and execute 2 for write
    3 : read only 3 for write and execute
    4 : write and execute 4 for read
    5 : write only 5 for read and execute
    6 : execute only 6 for read and write
    7 : no permissions 7all permisions
    but 7–means all permisions and 0 for none please ……………………

    • Majid December 20, 2012, 5:20 pm

      0 means R,W,X
      7 means nothing

  • Vijay December 24, 2012, 12:52 am

    very good explanation thank you so much..

  • shrikant March 17, 2013, 5:52 pm

    if i set the umask as 077 what will be the file permission?

  • mufti April 5, 2013, 3:25 am

    Actually the default permission value 666 is only for non-executable file (rw- rw- rw-). We cannot umask with 077 for that non executable file, only umask with 066 for 600 (rw- — —) file permission result . For executable file the default permission value is same with default directory permission: 777 (rwx rwx rwx). You can umask with 077 for that executable file and find result 700 file permission (rwx — —). Note that r = 4, w = 2, x = 1, – = 0, so rw- = 4+2+0 = 6. rwx = 4+2+1=7.

  • mufti April 5, 2013, 4:50 am

    May be I was wrong. I was confused by default non-executable permission value of 666. Umask mean create upper limit value that should not be exceeded for permission. So if you have file permission 666 (rw- rw- rw-) and need to limit the file to 600 (rw- — —), you should umask with 177 (777-177 = 600). Correct me for my false above.

  • mufti April 5, 2013, 5:13 am

    My conclusion, you may set umask 077 to your file permission, but it doesn’t limit to non-executable file because 777-077=700. 700 (rwx — —) is executable file for owner. If you want umask to non-executable file for owner you should umask 177 because 777-177=600 (rw- — —).

  • Michael Hodgdon May 20, 2013, 7:51 am

    Would like to add one tidbit here, in RHEL 5/6 the individual umask setting(s) would need to be applied in the file ~/.bash_profile. See below on my discovery.

    [admin@xxxxxxx intf]$ sudo su – ftpuser
    -bash-3.2$ umask

    [admin@xxxxxxx intf]$ sudo su – ftpuser
    -bash-3.2$ mv .bashrc .bash_profile

    [onhodgdm@lcvunx06 intf]$ sudo su – ftpuser
    -bash-3.2$ umask

  • Pawan July 4, 2013, 5:43 am

    Very helpful article for newbie. Thanks for sharing. Does we require to set umask value both in profile and bashrc file ?

  • Mitter August 30, 2013, 11:01 am


  • chandra sekhar reddy September 13, 2013, 7:47 am

    Hi every one,

    If umask value is set 0(zero) then files are created with rw(for owner,group,others) permissions and directories are created with rwx(for owner,group,others). For files how this umask value is calculated in the case of umask value is set to zero ?

  • Gorakshanath December 5, 2013, 4:41 pm

    Really useful

  • Mayeen Uddin December 19, 2013, 3:42 pm

    Thanks a lot….

  • folminar January 20, 2014, 12:36 pm

    Can you please post a commands that are using letters?

  • shivram January 28, 2014, 10:58 am

    1.how to installing centos 5
    2.how to created partition

  • Dan February 5, 2014, 2:14 pm

    Very good explanation. Thanks.

  • Sepahrad Salour March 18, 2014, 6:01 am

    Very useful, Thanks a lot :)

  • droope April 22, 2014, 12:10 am

    Good article, thanks!

  • Yordan Georgiev August 15, 2014, 4:59 am

    for bit in {0..7} ; do umask 000$bit; touch 000$bit ; echo on umask set to `umask` `umask -S` `stat -c “%A %n” 000$bit`; done | column -t

  • model December 10, 2014, 8:14 am

    i am not getting how umask is calculated for files for e.g
    when umask is – 333 , 666-333=333 but as i know umask doesnt allow execute permission for files so it can’t be 333 at least. but then why its creating as 444 and why not 222. how’s its calculating to create it as 444 ?
    another example is when umask is – 111, 666-111=555 but as said it can’t be 555 and file is getting created as 666. how come and why not 444. how it is calculating this ?
    Can somebody explain me this in simple language.

  • model December 10, 2014, 8:29 am

    hi why i am not able to set umask for setuid or setgid or sticky bit ? for e.g when running umask 2002 i am getting error as `umask 2002 octal number out of range`.
    but my question is first bit is to set for special permission (suid,sgid, or sticky bit ) then why i am not able to set the above umask and getting error ? same is going on for umask 4002 or 1002.if we can not set then what is the meaning of of that first bit in umask ? can somebody please explain

  • ankush April 16, 2015, 1:20 pm


    Is there a way we can change the umaskmode for individual users?

    Any directory/file created by srv-test user would have a umask of 002 results if dir/file permissions of rwxrwxr-x.

    system wide setting remain same i.e 022.

    Please suggest.

  • tcoupe September 2, 2015, 2:47 pm

    What if I want to set up file permissions to be equal to r–,r–,r– (444) and directory permissions to be rw-,r–,r– (644) ? What would be the umask value setting? I’ve tried umask 222 which came out good for files but for directories it equals 555. Alternately, I’ve tried umask 133 which gives me 644 for files which is not what I want but it gives me 644 for directories which is good.

    If anyone can figure out what the umask value should be to equal 444 for files and 644 for directories, Please let me know.

  • Fatboss October 1, 2015, 6:51 pm


    By default, umask = 000, and this sets permissions to 777 for directories and 666 for files.
    Meaning that umask = 111, sets 666 for directories and 555 for files.
    You can’t set 644/444 using umask. Its either 644 / 533 (133) or 555 / 444 (222) – both of which make no sense.

    There are only handful umasks that make sense. Those have values of 0, 2 or 7. ALL other values produce anomalous effects.
    For example, “2/w” on files or directories (from umask 5 and 4) results in directories that are writeable, but not accessible (“1/x” bit); or files that are only writeable.

    Umask of 6 produce “1/x” value on directories, which means – execute rights of contained objects – yet reading or writing in same directory not possible. On files it will produce 0 (no rights). A 111 on dirs/000 on files can make sense – for making secretly accessed directories (which still can be bruteforced). Example – below. But there is no sense to create this as uname. Such directories are created manually as needed.

    autocompletion: ls /somedir/somesecretdir/ will not work.
    listing: ls -alh /somedir/somesecretdir/ will not work.

    all, because somesecretdir directory has no “4/r” on it (to read contents), yet has “1/x” to execute rights of contained objects. But:
    ls -alh /somedir/somesecretdir/supersecretlongname123/
    cat /somedir/somesecretdir/supersecretlongname123/a_file

    will work, because we supply fully correct name “supersecretlongname123”.

    Finally, umask of 3 will produce very strange results – directories with “4/r”, means their contents still can’t be accessed – just filenames listed; and “2+1/-wx” on files, – files which can be written to(and copied around) and accessed, but not displayed.

    So stick to umask values of 0,2,7: 000, 002, 022, 027, 007, 077. Everything outside makes zero sense.

    • fatboss October 2, 2015, 8:07 pm

      Correction: “But there is no sense to create this as uname.” above should mean “But there is no sense to create this as umask.” of course.

Leave a Comment

   Tagged with: , , , , , , , , , , , , , , , , , , , , , , ,