Using the umask utility, you can view or set the file mode creation mask, which determines the permissions for newly created files and directories.
It is used by mkdir, touch, tee and other commands that create new files and directories.
In Linux, every file has an owner and a group, and its access rights are assigned to three different classes of users:
- the file owner.
- the group members.
- everybody else.
There are three permission types that apply to each class:
- the read permission.
- the write permission.
- the execute permission.
This allows you to specify which users are allowed to read the file, write to the file, or execute the file.
You can view the existing file permissions using the ls command:
ls -ld dirname
drwxr-xr-x 12 tecnstuff users 4.0K Aug 8 20:51 dirname
|[-][-][-]    [------]  [---]
| |  |  |        |        |
| |  |  |        |        +-----------> Group
| |  |  |        +--------------------> Owner
| |  |  +-----------------------------> Others Permissions
| |  +--------------------------------> Group Permissions
| +-----------------------------------> Owner Permissions
+-------------------------------------> File Type
The first character represents the file type, which can be a regular file (-), directory (d), symbolic link (l) or any other special type of file.
The next nine characters represent the permissions, as three sets of three characters each. The first set shows the owner permissions, the second the group permissions, and the last set shows the permissions for everybody else.
r with an octal value of 4 stands for read, w with an octal value of 2 for write, x with an octal value of 1 for execute permission and (-) with an octal value of 0 for no permissions.
There are also three other special file permissions types:
In the example above the permissions are rwxr-xr-x, which means the owner has read, write and execute permissions (rwx), while the group and others have read and execute permissions. In numeric notation the file permissions can be represented as follows:
4+2+1 = 7
4+0+1 = 5
4+0+1 = 5
In numeric notation, permissions can have three or four octal digits (0-7). The first digit represents the special permissions; if it is omitted, no special permissions are set on the file. In the above example, the numeric file permission 755 is the same as
On Linux systems, the default creation permissions are 666 for files, which allows read and write for the user, group and others, and 777 for directories, which allows read, write and execute for the user, group and others. By default, Linux doesn’t allow a file to be created with execute permission.
If you would like to change the default file creation permissions, you can modify them using the umask utility.
Generally, in most Linux distributions the default umask value is set in the /etc/profile file. You can also change the umask value of the current session by running umask followed by the desired value. The umask affects only the current shell environment.
You can view the current mask value just by typing the umask command without any options:
It will show you output like this:
As shown previously, the default creation permissions are 666 for files and 777 for directories. To calculate the permission bits of new files, subtract the umask value from the default value.
For example, here is how umask 022 will affect newly created files and directories:
- 666 - 022 = 644. The owner can read and modify the files. Group and others can only read the files.
- 777 - 022 = 755. The owner can cd into the directory and list, read, modify, create or delete the files in the directory. Group and others can cd into the directory and list and read the files.
To display the mask value in symbolic notation, use the
Setting the mask value
You can make permanent changes to the umask value in a global configuration file such as /etc/profile, which will affect all users, or in a user’s shell configuration file such as ~/.zshrc, which will affect only that user.
Before changing the umask, make sure the new value does not create a security risk for the system.
For example, to set restrictive permissions for newly created files and directories, the permissions should be 750 for directories and 640 for files.
As we have seen, you can work out the umask value by subtracting the desired permissions from the default ones:
Umask value: 777-750 = 027
umask value represented in numeric notation is
/etc/profile file with your text editor to permanently set the new value:
sudo nano /etc/profile
Add or change the following line at the beginning of the file:
After that you should run the source command for changes to take effect:
Alternatively, you can log out and log in again for the changes to take effect.
To test the changes, we will create a new file and directory using the mkdir and touch commands:
Now we will check the permissions of the file and directory using the ls command, and you can see that the file has 640 and the directory has
drwxr-x--- 2 tecnstuff users 4096 Jul 4 18:14 testdir
-rw-r----- 1 tecnstuff users 0 Jul 4 18:14 testfile
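The calculation and the test above can be checked with the following added example, which is not part of the original article and goes slightly beyond it: it applies the mask the way the kernel does, by clearing the mask's bits from the default mode, and compares that with plain subtraction and with the modes actually observed on a new file and directory. The function names are hypothetical, and it assumes a Linux system whose stat supports -c %a (GNU or BusyBox).

```shell
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.
# Assumes a Linux system with GNU or BusyBox stat (stat -c %a).

# effective_mode DEFAULT MASK: the mode the kernel produces, which is the
# default with every bit of the mask cleared (DEFAULT AND NOT MASK).
effective_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# naive_subtract DEFAULT MASK: plain octal subtraction, the usual shortcut.
naive_subtract() {
    printf '%03o\n' $(( 0$1 - 0$2 ))
}

# observed_modes MASK: create a file and a directory under MASK inside a
# subshell (the caller's umask is left alone) and print "FILEMODE DIRMODE".
observed_modes() {
    (
        tmp=$(mktemp -d) || exit 1
        umask "$1"
        touch "$tmp/testfile"
        mkdir "$tmp/testdir"
        modes="$(stat -c %a "$tmp/testfile") $(stat -c %a "$tmp/testdir")"
        rm -rf "$tmp"
        echo "$modes"
    )
}

# Compare the three views for a permissive, a restrictive and a private mask.
for mask in 022 027 077; do
    echo "umask $mask:" \
         "file=$(effective_mode 666 "$mask")" \
         "dir=$(effective_mode 777 "$mask")" \
         "subtraction(file)=$(naive_subtract 666 "$mask")" \
         "observed=$(observed_modes "$mask")"
done
```

For 022 subtraction and bit clearing agree (644), but for 027 subtraction from 666 gives 637 while the file is really created as 640, so subtraction is only a shortcut for masks whose bits are all set in the default mode.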
This article explained how to use the umask command to change the default permissions for newly created files and directories in Linux.