What is umask and how to change the default value permanently?

In my last article I shared the steps to assign permissions to an individual user even if the umask denies access to a file.

umask is a command that sets the mask controlling which permissions are withheld from files and directories when they are created. The mask can be written in two notations:

  • Octal
  • Symbolic

Octal method

In this method each set of permissions is written as a digit from 0 to 7, as per the table below

Octal Value   Permission
0             no permissions
1             execute only
2             write only
3             write and execute
4             read only
5             read and execute
6             read and write
7             read, write and execute

If the umask command is invoked without any arguments, it will display the current mask. The output will be in either octal or symbolic notation depending on the operating system used.

[root@test ~]# umask
0022

The four digits represent the following, from left to right:
0 - Special permission (Sticky Bit, SUID or SGID)
0 - User Owner Permission
2 - Group Owner Permission
2 - Other User's Permission

Calculation
The table below shows how the default umask value is applied to directories

                       Special Permission   User Owner   Group Owner   All Others
Full Permission        NA                   7            7             7
Umask                  0                    0            2             2
Directory Permission   0                    7            5             5

The table below shows how the default umask value is applied to files

                       Special Permission   User Owner   Group Owner   All Others
Full Permission        NA                   6            6             6
Umask                  0                    0            2             2
File Permission        0                    6            4             4

For more details on providing Special Permission follow the respective links below
Understanding Special Permission SGID in Linux
Understanding Special Permission SUID in Linux
Understanding Special Permission Sticky Bit in Linux

How to change umask value using octal method?

Let me explain this with a few examples
Q: I want all directories to be created with default permission 755 and all files with 644, i.e. the user has full permission, and group and all others have read and execute permission
A: Use the umask value as 0022
Calculation
0777 - 0022 = 0755 (directories)
0666 - 0022 = 0644 (files)
Run the below command on the terminal

# umask 0022

Q: I want all directories to be created with default permission 733 and all files with 622, i.e. the user has full permission, and group and all others have write and execute permission
A: Use the umask value as 0044
Calculation
0777 - 0044 = 0733 (directories)
0666 - 0044 = 0622 (files)
Run the below command on the terminal

# umask 0044

Q: I want all directories to be created with default permission 700 and all files with 600, i.e. the user has full permission, and group and all others have no permission
A: Use the umask value as 0077
Calculation
0777 - 0077 = 0700 (directories)
0666 - 0066 = 0600 (files; only 0066 is removed because new files never start with execute permission, so the execute bits in 0077 have nothing to mask)
Run the below command on the terminal

# umask 0077

NOTE: If fewer than 4 digits are entered, leading zeros are assumed. An error will result if the argument is not a valid octal number or if it has more than 4 digits.
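
The subtraction shortcut used in the calculations above only works when every masked bit is present in the base mode; the mask is actually applied as base AND NOT mask. The following added example (not part of the original article; function names are illustrative, and a stat that supports -c '%a' is assumed) compares both against files and directories actually created under each umask:

```shell
#!/bin/sh
# Added example (not from the article): how the mask is really applied.
# Function names are illustrative. Assumes GNU or busybox stat (-c '%a').

# subtract_mode BASE MASK: the shortcut "BASE - MASK" done as octal arithmetic
subtract_mode() { printf '%03o\n' "$(( 0$1 - 0$2 ))"; }

# predict_mode BASE MASK: what the kernel does, BASE AND (NOT MASK)
predict_mode() { printf '%03o\n' "$(( 0$1 & ~0$2 & 0777 ))"; }

# actual_mode f|d MASK: create a file or directory under MASK, report its mode
actual_mode() {
    (
        tmp=$(mktemp -d) || exit 1
        umask "$2"
        if [ "$1" = d ]; then mkdir "$tmp/new"; else : > "$tmp/new"; fi
        mode=$(stat -c '%a' "$tmp/new")
        printf '%03o\n' "$(( 0$mode & 0777 ))"
        rm -rf "$tmp"
    )
}

# Compare the shortcut, the bitwise rule and reality for several masks.
# 022 and 044 agree everywhere; 077 and 033 show where subtraction breaks.
printf '%-6s %-10s %-10s %-10s %s\n' umask subtract predicted file dir
for m in 022 044 077 033; do
    printf '%-6s %-10s %-10s %-10s %s\n' "$m" \
        "$(subtract_mode 666 "$m")" "$(predict_mode 666 "$m")" \
        "$(actual_mode f "$m")" "$(actual_mode d "$m")"
done
```

For umask 033 the subtraction gives 633, while the file is really created as 644.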

Symbolic method

In this mode, the permissions are assigned using letters, as shown in the table below

Symbolic Value   Permission    Explanation
r                read          read a file or list a directory's contents
w                write         write to (or delete) a file or directory
x                execute       execute a file or recurse a directory tree
s                setuid/gid    See SUID and SGID for details.
t                Sticky bit    See Sticky Bit for details.

Use the -S option to display the current mask in symbolic notation:

# umask -S
u=rwx,g=rx,o=rx

The permissions of a file are applied to three different classes of users: the user (the file's owner), the group, and others.

Letter   Class    Description
u        user     the owner of the file
g        group    users who are members of the file's group
o        others   users who are not the owner of the file or members of the group
a        all      all three of the above, it is the same as ugo. (This is the default if no class is specified in the umask command.)

How to change umask value using symbolic method?

Let me explain this with a few examples

# umask a+rx

The above command allows read or execute permission to be enabled for all user classes; the rest of the mask bits are unchanged

# umask u=rw,go=

The above command allows read and write permission to be enabled for the owner, while preventing execute permission from being enabled for the owner; it also prevents any permissions from being enabled for the group and others

# umask u+w,go-w

The above command allows write permission to be enabled for the owner and prevents write permission from being enabled for group and others
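
A symbolic change is applied on top of the current mask, so the same command can give different results depending on where it starts. This added example (not from the original article; apply_symbolic and new_dir_mode are illustrative names) runs the three commands above from known starting masks and prints the resulting mask in both notations, together with the mode a new directory would get:

```shell
#!/bin/sh
# Added example (not from the article). Function names are illustrative.

# apply_symbolic START SPEC: start from octal mask START, apply symbolic SPEC,
# then print the resulting mask in octal and in symbolic notation.
# Runs in a subshell so the caller's own umask is left untouched.
apply_symbolic() {
    ( umask "$1" && umask "$2" && printf '%s %s\n' "$(umask)" "$(umask -S)" )
}

# new_dir_mode MASK: mode a new directory receives under octal MASK
new_dir_mode() { printf '%03o\n' "$(( 0777 & ~0$1 & 0777 ))"; }

# Each pair is "starting-mask symbolic-command" (starting masks are constructed).
for pair in "077 a+rx" "022 u=rw,go=" "000 u+w,go-w" "077 u+w,go-w"; do
    set -- $pair
    result=$(apply_symbolic "$1" "$2")
    printf 'start=%s  umask %-10s -> %s  (new directory: %s)\n' \
        "$1" "$2" "$result" "$(new_dir_mode "${result%% *}")"
done
```

With u=rw,go= the mask becomes 0177, so new directories are created as 600, without the owner's search (x) bit.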

How to set the umask value permanently?

The above methods used to set the umask value are all temporary and tied to the terminal. As soon as you switch to another terminal, the umask value goes back to the default set inside /etc/profile.
You can change your default umask value by making changes to the files below

# vi /etc/profile
# By default, we want umask to get set. This sets it for login shell
# Current threshold for system reserved uid/gids is 200
# You could check uidgid reservation validity in
# /usr/share/doc/setup-*/uidgid file
if [ $UID -gt 199 ] && [ "`id -gn`" = "`id -un`" ]; then
    umask 022
else
    umask 022
fi

As you can see, the default umask value is 0022 for every uid/gid, whether it is below or above 200. If you want to change it, change both values as shown below

if [ $UID -gt 199 ] && [ "`id -gn`" = "`id -un`" ]; then
    umask 077
else
    umask 077
fi

Save and exit the file.
The next time you log in to a terminal or a different session, the new umask value will be applied, which you can verify using the command below

# umask
0077
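
After editing, it is easy to leave one branch of the if/else on the old value. This added example (not from the original article; list_umask and check_umask are illustrative names, and the sample file is constructed) lists every octal umask command in a startup file and confirms that all of them match the intended value:

```shell
#!/bin/sh
# Added example (not from the article). Function names are illustrative.

# list_umask FILE: print "line:mask" for each octal umask command in FILE.
# Text after '#' is treated as a comment and ignored.
list_umask() {
    sed 's/#.*//' "$1" |
        grep -nE '(^|[;[:space:]])umask[[:space:]]+[0-7]{1,4}([;[:space:]]|$)' |
        sed -E 's/^([0-9]+):.*umask[[:space:]]+([0-7]{1,4}).*/\1:\2/'
}

# check_umask FILE WANT: succeed only if FILE sets a umask and every
# setting equals WANT (compared numerically, so 077 matches 0077).
check_umask() {
    found=$(list_umask "$1")
    [ -n "$found" ] || { echo "$1: no umask command found" >&2; return 1; }
    for entry in $found; do
        if [ "$(( 0${entry#*:} ))" -ne "$(( 0$2 ))" ]; then
            echo "$1:${entry%%:*}: umask ${entry#*:}, expected $2" >&2
            return 1
        fi
    done
}

# Constructed sample: a half-edited copy of the /etc/profile block.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# By default, we want umask to get set. This sets it for login shell
if [ $UID -gt 199 ] && [ "`id -gn`" = "`id -un`" ]; then
    umask 077
else
    umask 022
fi
EOF
list_umask "$sample"
check_umask "$sample" 077 || echo "not every branch sets 077"
rm -f "$sample"
```

On a real system, run it as check_umask /etc/profile 077.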

You can also set the command inside your ~/.bash_profile or ~/.bashrc file so that every time your machine boots or you open a new terminal the new umask value is updated.
To understand the difference between .bashrc and .bash_profile follow the below link
Difference between .bashrc and .bash_profile
NOTE: These two files will only be executed if you log in to a bash shell. For different shells there are different files which are executed every time you log in.