File mode creation mask in UNIX.
On Linux and other Unix-like operating systems, new files are created with a default set of permissions. Specifically, a new file’s permissions may be restricted in a specific way by applying a permissions “mask” called the umask. The umask command is used to set this mask, or to show you its current value.
As you may know, each file on your system has associated with it a set of permissions that are used to protect files: a file’s permissions determine which users may access that file, and what type of access they have to it.
There are three general classes of users:
- The user who owns the file (“User”)
- Users belonging to the file’s defined ownership group (“Group”)
- Everyone else (“Other”)
In turn, for each of these classes of user, there are three types of file access:
- The ability to look at the contents of the file (“Read”)
- The ability to change the contents of the file (“Write”)
- The ability to run the contents of the file as a program on the system (“Execute”)
So, for each of the three classes of user, there are three types of access. Taken together, this information makes up the file’s permissions.
To view system’s current umask value by umask
command. Which will return system’s unmask as a four-digit octal number.
Explain Octal umask Mode 022 And 002
- The default umask 002 used for normal user. With this mask default directory permissions are 775 and default file permissions are 664.
- The default umask for the root user is 022 result into default directory permissions are 755 and default file permissions are 644.
- A umask of 022 allows only you to write data, but anyone can read data.
- A umask of 077 is good for a completely private system. No other user can read or write your data if umask is set to 077.
- A umask of 002 is good when you share data with other users in the same group. Members of your group can create and modify data files; those outside your group can read data file, but cannot modify it. Set your umask to 007 to completely exclude users who are not group members.