umask - Linux


Overview

The umask (user file-creation mode mask) is a Linux command that sets the file mode creation mask, which determines the default permissions of new files and directories created by the user within the session. This controls the initial permission settings so that new files and directories are neither overly permissive nor overly restrictive for the user's requirements and security policies.

Syntax

The basic syntax of the umask command is as follows:

umask [option] [mask]
  • mask: The mask can be represented in octal or symbolic format. If no mask is provided, umask shows the current mask.

Modes

  • Octal mode: Masks can be set using an octal number system (0-7).
  • Symbolic mode: Masks can be specified through a symbolic representation like u=rwx,g=rx,o=rx.

Options/Flags

  • -S, --symbolic: Display the current umask value in a symbolic format.
  • -p: Output in a format that can be reused as shell input.

Examples

  1. Display the current umask in octal format:

    umask
    
  2. Display the current umask in symbolic format:

    umask -S
    
  3. Set the umask using octal format:

    umask 022
    

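    This sets the default permissions so that new files will have 644 (-rw-r--r--) and new directories will have 755 (drwxr-xr-x): the mask bits are removed from the 666 that programs normally request for files and the 777 they request for directories.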

  4. Set the umask using symbolic format:

    umask u=rwx,g=rx,o=rx
    

    This ensures that the user (u) can read, write, and execute, while group (g) and others (o) can only read and execute.

Common Issues

  • Inadvertently setting a umask that is too permissive or too restrictive: Users should ensure that the mask neither exposes sensitive files nor blocks access that other users or groups need.
  • Forgetting to reset umask in scripts: Always set the umask back to a safer value if changed temporarily within a script.
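
The arithmetic behind example 3 and the script-scoping issue above, as an added example that is not part of the original page. It assumes GNU stat (stat -c) on Linux; the function names effective_mode, file_mode and make_private are made up for this illustration.

```sh
#!/bin/sh
# Added example: predict and verify what a umask does to new files.
# Assumes GNU stat (stat -c); all function names here are illustrative.

# effective_mode REQUESTED MASK
# Prints REQUESTED with the MASK bits cleared (requested & ~mask), in octal.
effective_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# file_mode PATH: print the permission bits of PATH in octal.
file_mode() {
    stat -c '%a' "$1"
}

# make_private PATH
# Create PATH under umask 077. The ( ... ) body runs in a subshell, so the
# caller's umask is unchanged afterwards. noclobber (set -C) makes the
# creation fail if PATH already exists, because an existing file would
# keep whatever mode it already had.
make_private() (
    umask 077
    set -C
    : > "$1"
)

# demo: run the checks in a scratch directory and print the results.
demo() {
    dir=$(mktemp -d) || return 1
    before=$(umask)
    make_private "$dir/secret" || return 1
    echo "predicted file mode under 077: $(effective_mode 666 077)"
    echo "actual file mode:              $(file_mode "$dir/secret")"
    echo "umask before/after:            $before / $(umask)"
    echo "022 -> files $(effective_mode 666 022), dirs $(effective_mode 777 022)"
    echo "027 -> files $(effective_mode 666 027), dirs $(effective_mode 777 027)"
    rm -rf "$dir"
}

demo
```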

Integration

umask is often used in scripts to set default permissions before creating files or directories. Here’s an example in a script to ensure that logs are not world-readable:

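#!/bin/bash
# Withhold write from group and all access from others for files created below.
umask 027
# A newly created log gets 640 (rw-r-----); a file that already exists keeps its current mode.
touch /var/log/myapp.log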

Combine umask with other file-managing commands like mkdir or touch:

umask 077; mkdir secure_dir; touch secure_dir/secure_file

Related Commands

  • chmod: Changes the file mode bits of each given file according to mode, which can be either a symbolic representation of changes to make, or an octal number representing the bit pattern for the new mode bits.
  • chown: Change file owner and group.
  • mkdir: Create new directories with specified permissions when used with -m.

For further reading and more detailed information, refer to the umask man page by typing man umask in the terminal.