Introduction to Linux Umask
UMASK is an abbreviation for user mask and is sometimes called the user file-creation mask. In Linux, files and directories are created all the time, and the permissions on each newly created file or directory should match the use case. If a Linux system is used to develop applications for only one kind of scenario, it is worthwhile to change the base (default) permission of newly created files and directories. umask is the command that sets this default to what most applications developed on that Linux box would typically need.
Before looking at the scenarios where umask helps and at how it works, it is useful to understand its syntax, so that we can keep it in mind while going through the working principle.
umask <1st number><2nd number><3rd number>
Here, umask is the keyword or command that sets the mask. <1st number> is the number given for the owner, <2nd number> is the number given for the group, and <3rd number> is the number given for others. Each number is an octal digit from 0 to 7, and each digit signifies a particular permission. These digits are not the ones you would expect to see in a file permission, because a calculation takes place to arrive at the permission. So the digits below are what you pass to umask to get the desired permission; they are not the permission digits themselves. The different scenarios (for a directory) are:
0: read, write and execute
1: read & write
2: read & execute
3: read only
4: write & execute
5: write only
6: execute only
7: no permission
If you recall how file permissions are numbered, you will see that these digits are the opposite of the actual file permission digits. The reason is the calculation we will talk about. After that calculation, the file or directory ends up with the permission described in the text above, not with the digit listed. For example, if the 1st number of the umask is 0, the 1st number after the calculation is 7 for a directory (read, write and execute) or 6 for a file (read and write).
umask u=rwx,g=,o=
Here umask is the same keyword; u refers to the user, g refers to the group, and o refers to others. The letter r refers to read, w to write, and x to execute. The clauses are separated by commas with no spaces. Here as well, a calculation follows to arrive at the actual file permission.
How Does Umask Work in Linux?
To understand how umask works in Linux, first note a few parameters that form the base for obtaining file permissions. By default, the base permission for a file is 666 and for a directory is 777. For files, a resulting digit of 7 never occurs, and a umask digit of 6 acts as no permission. This is because, as a rule of thumb, Linux does not create files with execute permission; execute has to be added after the file is created, as a separate step.
The next question is how and where to change the value of umask. To make the change persistent, set it in the ~/.bashrc file, which lets you set parameters, attributes, or configuration for terminal sessions. To change the umask for the current session only, enter it as a command at the command line.
Once the umask is set, it is used as a NOT operator when calculating the file permissions. As already mentioned, the default base permission is 666 for files and 777 for directories. Let us look at two calculations (one for files and one for a directory) to understand how we arrive at the permission numbers from the umask code.
Scenario: Only the user can enter a directory and read and write in it; the group can only enter the directory and read; others have no permission (umask 027).
Get File permission
The intention is to subtract the umask number from the base permission to get the actual file permission. For example, if the umask is 027 [0 (read & write for user), 2 (read-only for the group), 7 (no permission for others)] then the calculation is as follows:
Base permission: 666
File permission: 666 – 027 = 640* (rw-r-----)
*Please note that 6 – 7 is -1, but in Linux, it is adjusted to be 0.
Get Directory Permission
The intention is to subtract the umask number from the base permission to get the actual directory permission. For the same umask, 027 [0 (read, write & execute for user), 2 (read & execute for group), 7 (no permission for others)], the calculation is as follows:
Base permission: 777
Directory permission: 777 – 027 = 750 (rwxr-x---)
In the above scenario, the user can read, write and execute in the directory and can read and write a file inside it.
The group can read and enter (execute) the directory but can only read a file inside it.
Others can do nothing, i.e., no permission.
mkdir newDirWO
touch newFileWO
touch newFile
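The calculation above, as an added example that is not part of the original article: it computes the result both by the digit subtraction described here and by the bitwise rule that is actually applied (base AND NOT umask), then creates a real file and directory under each umask to show which one matches. The function names and the umask 033 case are constructed for illustration, and `stat -c` assumes GNU coreutils on Linux.

```sh
#!/bin/sh
# Added example. Assumes Linux with GNU coreutils (stat -c) and a writable temp dir.

# Bitwise rule: result = base AND (NOT umask), printed as three octal digits.
effective_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# The digit-by-digit subtraction described above, with negatives adjusted to 0.
subtract_mode() {
    out=
    for i in 1 2 3; do
        bd=$(printf '%s' "$1" | cut -c"$i")
        md=$(printf '%s' "$2" | cut -c"$i")
        d=$(( bd - md ))
        if [ "$d" -lt 0 ]; then d=0; fi
        out=$out$d
    done
    printf '%s\n' "$out"
}

# Create a real file or directory under the given umask and report its mode.
# The subshell keeps the umask change from leaking into the caller.
observed_mode() {
    (
        umask "$1"
        tmp=$(mktemp -d) || exit 1
        if [ "$2" = dir ]; then mkdir "$tmp/x"; else : > "$tmp/x"; fi
        stat -c '%a' "$tmp/x"
        rm -rf "$tmp"
    )
}

# Constructed cases: the page's umask 027, plus 033 where subtraction is wrong.
printf '%-6s %-5s %-9s %-8s %s\n' umask kind subtract bitwise observed
for mask in 027 033; do
    for kind in file dir; do
        if [ "$kind" = dir ]; then base=777; else base=666; fi
        printf '%-6s %-5s %-9s %-8s %s\n' "$mask" "$kind" \
            "$(subtract_mode "$base" "$mask")" \
            "$(effective_mode "$base" "$mask")" \
            "$(observed_mode "$mask" "$kind")"
    done
done
```

For umask 033 on a file, subtraction predicts 633 (write and execute for group and others), while the bitwise rule and the file actually created both give 644 (read only), so the subtraction shortcut is only safe when every umask digit's bits are all present in the base digit.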
A useful tip: First work out the scenario in words, then write the desired permission in numerical form. Then subtract it from the base permission to get the umask number.
In this article, we have learned how to use scenario-based numbering to work out what the default umask number should be, and then how to set the umask accordingly, either in ~/.bashrc or for the current terminal only, as required.