What is umask and how to setup default umask under Linux?

Anil ask a question (via email):

What is umask and how is it determined on a Linux system?

The user file-creation mode mask (umask) is use to determine the file permission for newly created files. It can be used to control the default file permission for new files. It is a four-digit octal number .

Procedure to setup default umask

You can setup umask in /etc/bashrc or /etc/profile file for all users. By default most Linux distro set it to 0022 (022) or 0002 (002).
Open /etc/profile (global) or ~/.bashrc file
# vi /etc/profile
OR
$ vi ~/.bashrc
Append/modify following line to setup a new umask:
umask 022
Save and close the file. Changes will take effect after next login.

But what is 0022 and 0002?

The default umask 0002 used for normal user. With this mask default directory permissions are 775 and default file permissions are 664.

The default umask for the root user is 0022 result into default directory permissions are 755 and default file permissions are 644.

For directories, the base permissions are (rwxrwxrwx) 0777 and for files they are 0666 (rw-rw-rw).

To calculate file permission for 022 (root user):

Default Permissions: 777
Subtract umask value: 022 (-)
Allowed Permissions: 755

To calculate directory permission for 022 umaks (root user):

Default Permissions: 666
Subtract umask value: 022 (-)
Allowed Permissions: 644

The following example explains the steps needed to set umask for permissions 700 for user files. The idea very simply only user is allowed to read or write file.

Default Permissions: 777
Subtract umask value: 077 (-)
Allowed Permissions: 700

$ umask 077
$ touch file.txt
$ ls -l file.txt

Output:

-rw------- 1 vivek vivek 0 2007-02-01 02:21 file.txt

Sample umask values and permission

umask value User Group Others
0000 all all all
0007 all all none
0027 all r/w none

For more information read man page of bash:
man bash
help umask

Want to read Linux tips and tricks, but don't have time to check our blog everyday? Subscribe to our daily email newsletter to make sure you don't miss a single tip/tricks. Subscribe to our weekly newsletter here!

{ 26 comments… read them below or add one }

1 Dmitry 02.07.07 at 2:53 pm

Reply from text:
—————————-
To calculate file permission for 022 (root user):
Default Permissions: 777

To calculate directory permission for 022 umaks (root user):
Default Permissions: 666

————————————
It’s wrong, isn’t it?
The right answer is:

To calculate _file_ permission for 022 (root user):
Default Permissions: _666_
etc.
To calculate _directory_ permission for 022 umaks (root user):
Default Permissions: _777_
etc.

2 WGriffin 03.08.07 at 2:00 pm

The title says “How to setup default umask”
You never mention how to actually set the default up.

3 nixcraft 03.08.07 at 3:11 pm

WGriffin,

Opps. Post has been updated. Thanks for heads up!

4 RAHUL 01.01.08 at 3:10 pm

Yes Guy !

Its an excellent site for newbie.
I like it most…

I think its help all Linuxx user.

5 ahmed 03.28.08 at 4:44 am

thanks. very helpful

6 posicionamiento 06.09.08 at 3:53 pm

thanks guys….
I like such short tutorials …;)
Cheers

7 niez 06.25.08 at 7:50 pm

Hi there!

I’ve tried changing umask on my GNU/Linux box (Gentoo). Is’s look like 0000 and 0111 is the same mask. What’s going on?

8 Raghu 06.27.08 at 1:14 pm

Default (initial) Run level for root?

9 Sunny Thakur 06.30.08 at 10:16 am

Hi,
I have done this thing 3 times….but not any affect on umask default permissions.
i used :
# umask 0077 command for temporarily umask….

10 sushil 09.17.08 at 6:28 am

permissions for files are as follows

777 – Executable files
666 – Text files

11 Freebsd_man 12.06.08 at 4:34 pm

You say: For directories, the base permissions are (rwxrwxrwx) 0777 ….

and then you calculated:

To calculate directory permission for 022 umaks (root user):
Default Permissions: 666

nonsense ?

12 georgh 01.08.09 at 11:34 pm

I know this is a very old post, but I would like to correct one thing if someone lands here from a search engine:

According to the DebianDesktopHowTo the value for UMASK has to be changed in both /etc/profile and /etc/lgin.defs. This howto has a specific section about permissions in a shared computer.

Thanks for posting this.

13 georgh 01.08.09 at 11:34 pm

I meant login.defs.

Sorry.

14 jeet 01.27.09 at 10:20 am

but again que is that can we change the default permission permanently? tell now

15 Caleb Cushing ( xenoterracide ) 02.26.09 at 12:40 pm

0027 all r/w none

um… this would be all r/x none

removing 2 removes write.

16 Steven 03.03.09 at 10:11 am

Hello guys, thanx for your valuable input however i need to make the php files created by my app rwxrwxr– by default.

How can I get to do that?

17 navin 03.09.09 at 5:33 am

very helpful thanks a ton

18 Umask Executable 03.17.09 at 6:44 pm

Steven: Umask cannot typically be used to default new files to executable. You need to use chmod instead.

19 KAPIL AHIRE 04.10.09 at 7:37 am

THANKS VIVEK

20 Abhinav Chittora 05.04.09 at 7:33 pm

I am using fedora9 and having trouble with system. when I create a file as root then the file have permission rw-rw—- I have to change permission each time….

I want to change umask but when I tried it with umask 000 then the default permission are rw-rw-rw- not rwxrwxrwx. I want the permission rwxrwxrwx how to set it as default?

21 kailas kadam 05.05.09 at 6:54 am

this is very good site to understand umasks

22 senthilkumar.k 06.18.09 at 5:04 am

The umask explanation is very useful for beginners
note :
directory default mask : 022
permission ( means rwx) : 777
actual permission value is : 777 – 022 = 755

23 doug 06.19.09 at 1:34 pm

execute permission is never defaulted on a file (hence 666 base) … it is defaulted for a directory (hence 777 base) so access to the directory is there.

so 027 does result in all r/w none for a file but all r/w/x none for a diretory.

24 doug 06.19.09 at 1:36 pm

for a file 000 and 111 are the same as 111 masks off execute permission and the base permission is 666 – 000 === 666 – 111.

25 doug 06.19.09 at 1:39 pm

oops 027 for a file is all r none no ‘w’

26 kurinchi blogger 06.30.09 at 3:24 am

To return the default permission setting type umask with no options
$ umask
022

Having known the umask value, try creating a directory and a file and check what the file settings are

$ mkdir tempdir1

$ ls -l
drwxr-xr-x 2 root root 4096 2009-06-29 10:42 tempdir1

$ touch tempfile1

$ ls -l
drwxr-xr-x 2 root root 4096 2009-06-29 10:42 tempdir1
-rw-r–r– 1 root root 0 2009-06-29 10:43 tempfile1

Change the umask and again create a directory and a file and check the file permission settings

$ umask 027
$ umask
0027

$ mkdir tempdir2
$ ls -l
total 12
drwxr-x— 2 root root 4096 2009-06-29 10:40 tempdir2

Now the directory tempdir2 has a permission setting of 750

$ touch tempfile2
$ ls -l
drwxr-x— 2 root root 4096 2009-06-29 10:40 tempdir2
-rw-r—– 1 root root 0 2009-06-29 10:40 tempfile2

Now the file tempfile2 has a permission setting of 640

Now, let us see how the file permission settings are calculated using boolean expressions after we have issued a umask with 027.

For the directories, you need to take the 1’s complement of the umask value and perform a logical AND operation with 0777.

For e.g. consider the case where we have umask value of 027 – 0000 0000 0010 0111
1’s complement of 027 – 1111 1101 1000

For directories perform logical AND operation with 0777 (0000 0111 0111 0111). So

1111 1101 1000 (1’s complement of 027)
0111 0111 0111 (0777)
—————-
0111 0101 0000 = 0750

For files, perfom logical AND operation with 0666 (0000 0110 0110 0110), so

1111 1101 1000 (1’s complement of 027)
0110 0110 0110 (0666)
—————
0110 0100 0000 = 0640

Try different combinations on files, directories to get a clear picture on how umask is applied on files.

Leave a Comment

You can use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Previous post: Linux Driver Development Help available from Gurus

Next post: Howto share application data using UNIX System V IPC mechanisms