Umask

You can use the umask utility to display, set, or change the current or default value of the umask.

Display the current value of the umask

To display the current value of the umask in symbolic mode, use:

% umask -S

To display the current value of the umask in octal mode, use:

% umask

When displaying the umask in octal mode, you may notice it displayed as a four-digit number (0002 or 0022). The first digit of the umask represents a special bit (sticky bit, SGID bit, or SUID bit). If the first digit is set to 0, the special bit is not set.

Display the default bash umask

% grep umask /etc/bashrc #for non-login shell
% grep umask /etc/profile #for login shell

Display the default csh umask

% grep umask /etc/csh.cshrc #for non-login shell
% grep umask /etc/csh.login #for login shell

Usually we change csh.cshrc like this.

% more /etc/csh.cshrc
if ($uid > 199 && "`/usr/bin/id -gn`" == "`/usr/bin/id -un`") then
    umask 027
else
    umask 022
endif

Setting the umask using symbolic values

umask -S <level><operation><permission>

<level>: Permissions can be assigned to the following levels of ownership:

  • u User owner
  • g Group owner
  • o Other
  • a All

<operation>: To add or remove permissions you can use the following signs:

  • + to add the permissions on top of the existing permissions
  • - to remove the permissions from the existing permission
  • = to remove the existing permissions and explicitly define the new ones

<permission>: You can assign the following permissions:

  • r Read
  • w Write
  • x Execute

Any permission that is not specified after the equals sign (=) is automatically prohibited.

Example: umask -S u=rwx,g=rx,o=rx

Changing the default umask for a specific user

# echo 'umask octal_value' >> /home/username/.bashrc  #for bash
# echo 'umask octal_value' >> /home/username/.cshrc   #for csh

Setting default permissions for newly created home directories

You can change the permission modes for home directories of newly created users by modifying the /etc/login.defs file.

  1. As root, open the /etc/login.defs file in the editor.
  2. Modify the following section to set a new default HOME_MODE:

    # HOME_MODE is used by useradd(8) and newusers(8) to set the mode for new
    # home directories.
    # If HOME_MODE is not set, the value of UMASK is used to create the mode.

     Replace the default octal value (0700) with another octal value. The selected mode will be used to create the permissions for the home directory.
  3. If HOME_MODE is set, save the changes and exit the editor.
  4. If HOME_MODE is not set, modify the UMASK to set the mode for the newly created home directories:

    # Default initial "umask" value used by login(1) on non-PAM enabled systems.
    # Default "umask" value for pam_umask(8) on PAM enabled systems.
    # UMASK is also used by useradd(8) and newusers(8) to set the mode for new
    # home directories if HOME_MODE is not set.
    # 022 is the default value, but 027, or even 077, could be considered
    # for increased privacy. There is no One True Answer here: each sysadmin
    # must make up their mind.

    UMASK 022

     Replace the default octal value (022) with another octal value. See User file-creation mode mask for more details.
  5. Save the changes and exit the editor.
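
To check the result of the procedure above before creating accounts, the following added example (not part of the original page or of any distribution's tooling) predicts the home directory mode from a login.defs-style file. The function names are hypothetical, and the sample file is constructed; the fallback to 022 and the "last line wins" handling of repeated keys are assumptions.

```shell
#!/bin/sh
# Added example: predict the mode that useradd(8) gives a new home
# directory from a login.defs-style file.
# Rule, as stated in the login.defs comments above: HOME_MODE is used when
# set; otherwise the mode is 0777 with the UMASK bits cleared.

# get_def KEY FILE -> value of an uncommented "KEY value" line.
# Assumption: if KEY appears more than once, the last line is used.
get_def() {
    awk -v k="$1" '$1 == k { v = $2 } END { print v }' "$2"
}

# is_octal VALUE -> success if VALUE is one to four octal digits.
is_octal() {
    case $1 in
        ''|*[!0-7]*|?????*) return 1 ;;
        *) return 0 ;;
    esac
}

# effective_home_mode FILE -> prints the octal mode, e.g. 755.
effective_home_mode() {
    home_mode=$(get_def HOME_MODE "$1")
    mask=$(get_def UMASK "$1")
    if [ -n "$home_mode" ]; then
        is_octal "$home_mode" || { echo "bad HOME_MODE: $home_mode" >&2; return 2; }
        printf '%o\n' "$((0$home_mode))"
        return 0
    fi
    # Assumption: fall back to 022, the default named in the comments above.
    [ -n "$mask" ] || mask=022
    is_octal "$mask" || { echo "bad UMASK: $mask" >&2; return 2; }
    printf '%o\n' "$(( 0777 & ~0$mask ))"
}

# others_can_access MODE -> success if the "other" triplet is non-zero,
# i.e. every local account could list or enter the new home directory.
others_can_access() {
    [ "$(( 0$1 & 07 ))" -ne 0 ]
}

# Constructed sample (not a real system file): HOME_MODE commented out.
tmp=$(mktemp)
printf '# HOME_MODE 0700\nUMASK 022\n' > "$tmp"
mode=$(effective_home_mode "$tmp")
if others_can_access "$mode"; then echo "mode $mode: open to other users"; fi
rm -f "$tmp"
```

Point effective_home_mode at a copy of /etc/login.defs to see what the current settings produce; with the sample above it reports 755, which others_can_access flags.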