The umask command alters the default permissions on newly created files and directories. Changing default permissions can be useful if you’d like to automatically control how new objects can be used, rather than changing these permissions manually on every new object.
With umask, you set default permissions using octal numeric format. However, instead of specifying which permissions to set, you specify which permissions to mask, or clear, from the default. For example, the default permissions for non-executable files in Linux are 666 (rw-rw-rw-). If you want the owner to retain these permissions, but you want the group and others to only have read access, you’ll need to set the umask to 022. Each number is explained as follows, in order:
- 0 means that the current owner permissions should not be masked at all, i.e., left as read and write.
- 2 means that the group permissions should be masked by 2, i.e., subtract 2 from the default (6) and you get 4. Group members now only have read access.
- 2 does the same thing as the previous number, but for other users.
You can use the umask command directly in the CLI to set the default permissions for that session, or you can set the default permissions for each user in their .bashrc file.
Syntax
The syntax of the umask command is:
$ umask {number}
If you encounter the below error while executing the umask command:
umask: command not found
you may try installing the below package as per your choice of distribution:
Distribution | Command |
---|---|
OS X | brew install bash |
Debian | apt-get install execline |
Ubuntu | apt-get install execline |
Alpine | apk add bash |
Arch Linux | pacman -S bash |
Kali Linux | apt-get install execline |
CentOS | yum install bash |
Fedora | dnf install bash |
Raspbian | apt-get install bash |
umask Command Examples
1. Display the current mask in octal notation:
# umask
2. Display the current mask in symbolic (human-readable) mode:
# umask -S
3. Change the mask symbolically to allow read permission for all users (the rest of the mask bits are unchanged):
# umask a+r
4. Set the mask (using octal) to restrict no permissions for the file’s owner, and restrict all permissions for everyone else:
# umask 077