Introduction
When creating a new file or directory, Linux applies the default set of permissions. The umask
command lets you change these default permissions.
In this tutorial, you will learn what umask is, how it works, and how to use it to set up file and directory permissions for individual users or groups.
Prerequisites
- Linux-based system (e.g., Ubuntu, CentOS, Debian)
- A user account with sudo privileges
- Access to the command terminal
Umask Overview
The term umask refers to two things:
1. The Linux umask
command. umask
(user file-creation mode) is a Linux command that lets you set up default permissions for newly created files and folders.
2. A user-defined permissions ‘mask’. A user can choose how to restrict permissions by using a permissions mask. A permission mask interacts with the default system permissions and changes them. The umask
command is used to apply this mask.
How Does Umask Work?
The umask
command works by affecting the default Linux file and folder permissions.
There are three categories of permissions for every file and folder in Linux:
- User: Defines permissions for each individual user. By default, the user who creates a file or folder is set as the owner.
- Group: Defines permissions for a group of users that share the same level of access.
- Other: Defines permissions for anyone not included in the two previous categories.
Use the following command to review permissions for the home folder:
ls -l
Each line of the output starts with a 10-character string detailing permissions. Breaking down the highlighted entry, this string consists of the following elements:
d
: Indicates the file type (directory).rwx
: Indicates user permissions (read, write, and execute).r-x
: Indicates group permissions (read and execute).r-x
: Indicates other permissions (read and execute).
The umask Command Syntax
Using the umask
command without additional command options returns the current mask as the output:
The umask
command uses the following syntax:
umask [-p] [-S] [mask]
Where:
[mask]
: The new permissions mask you are applying. By default, the mask is presented as a numeric (octal) value.[-S]
: Displays the current mask as a symbolic value.[-p]
: Displays the current mask along with theumask
command, allowing it to be copied and pasted as a future input.
Symbolic and Numeric umask Values
As we mentioned in the example above, umask can be displayed as a numeric (octal) or symbolic value.
A mask can have the following numeric, and the corresponding symbolic, values:
0 | --- |
No permission |
1 | --x |
Execute |
2 | -w- |
Write |
3 | -wx |
Write and execute |
4 | r-- |
Read |
5 | r-x |
Read and execute |
6 | rw- |
Read and write |
7 | rwx |
Read, write, and execute |
How to Calculate Umask Values
Linux uses the following default mask and permission values:
- The system default permission values are 777 (
rwxrwxrwx
) for folders and 666 (rw-rw-rw-
) for files. - The default mask for a non-root user is 002, changing the folder permissions to 775 (
rwxrwxr-x
), and file permissions to 664 (rw-rw-r--
). - The default mask for a root user us 022, changing the folder permissions to 755 (
rwxr-xr-x
), and file permissions to 644 (rw-r--r--
).
This shows us that the final permission value is the result of subtracting the umask value form the default permission value (777 or 666).
For example, if you want to change the folder permission value from 777 (read, write, and execute for all) to 444 (read for all), you need to apply a umask value of 333, since:
777 - 444 = 333
How to Set and Update the Default Umask Value
Use the following syntax to apply a new umask
value:
umask [mask]
Where:
[mask]
: The mask you want to apply, as either a symbolic or numeric value.
Setting Up a Symbolic Umask Value
Set a new umask value by using symbolic values with the following syntax:
umask u=#,g=#,o=#
Where:
u
: Indicates user permissions.g
: Indicates group permissions.o
: Indicates other permissions.#
: The symbolic permission value you want to apply, as detailed in the table above.
Note: Never use space after comas when setting up a symbolic mask value.
There are also other operators you can use:
=
: Creates specified file permissions and prohibits unspecified permissions.+
: Creates specified permissions, but does not change unspecified permissions.-
:Prohibits specified permissions, but does not change unspecified permissions.
Setting Up a Numeric Umask Value
Once you calculate the required umask numeric value, set it up by using:
umask [mask]
Where:
[mask]
: The numeric value of the mask you want to apply.
Difference Between umask and chmod
The chmod command in Linux works in a similar way to the umask
command. It too is used to define permissions for files and folders.
The difference between umask
and chmod
is that umask
changes the default permissions and thus the permissions for all newly created files and folders, while chmod
sets permissions for files and folders that already exist.
Conclusion
After following this tutorial, you should be able to review and change umask using symbolic or numeric values.
Make sure you also take a look at our Linux command cheat sheet for more commonly used Linux commands.
原创文章,作者:carmelaweatherly,如若转载,请注明出处:https://blog.ytso.com/224264.html