Default access rights - umask
When you create a new file or directory, the permissions will always be the same. This is because the default permissions are set by the umask mechanism.
Last Update : October 12, 2020
Default access rights - umask
- Check the current umask value
- Set the umask
- How to calculate umask
- umask access rights table
- Specify umask in symbol mode
1. Check the current umask value
When you log in to the OS, the umask value is already set. This is because in /etc/bashrc (the file run at login) you will find an entry that assigns the value of umask to the user.
To check the current umask value, run the umask command with no options.
$ umask 0002
We'll explain the meaning of the value later, but you can see that the current umask value is 0002.
The "-S" option allows you to check the default permissions of the directory in symbolic mode.
$ umask -S u=rwx,g=rwx,o=rx
The umask value is set on a per-account basis.
2. Set the umask
To set the umask, specify the umask value in the umask command and run it.
Example: Set the umask value to 0022.
$ umask 0002 ← Now 0002. $ umask 0022 ← Set the umask value to 0022. $ umask 0022 ← The umask value is now 0022.
3. How to calculate umask
This section explains how to calculate the umask value to be passed as an option.
You can get the umask value by subtracting the default permissions (numeric mode) from "666" for files and "777" for directories. The umask value of the file has an exception, so please refer to the table. Also, you can't set the execution permission to the initial value of the file.
If you want to set the default permissions for the directory to 755
umask 022 The umask 0022 and the numeric part may be represented by 4 digits
You can now set the default permissions for the directory to 755.
4. umask access rights table
Created file and directory permission table for the specified umask value.
|umask value||Directory Default Access Rights||Default file access rights|
5. Specify umask in symbol mode
You can also execute the umask value in symbol mode as follows.
The executable portion of the file to be created is ignored.
$ umask -S u=rwx,g=rwx,o=rx ← I don't have write access to the "Other" section. $ umask u=rwx,g=rwx,o=rwx← Specify rwx for the "Other" part. $ umask -S u=rwx,g=rwx,o=rwx ← The "other" part will be rwx, too. $ mkdir dir $ ls -l drwxrwxrwx 2 user1 user1 4096 Jul 30 09:21 dir← The default permission for the "other" part of the directory is "rwx".
$ umask u=rwx,g=rwx,o=rx ← Remove the "w" from the "other" part. $ umask -S u=rwx,g=rwx,o=rx $ umask 0002 $ mkdir dir2 $ ls -l drwxrwxr-x 2 user1 user1 4096 Jul 30 09:21 dir2← "w" has been removed from the "Other" section.
You can also add or remove access rights in umask symbol mode, just as you can in chmod symbol mode.
$ umask -S u=rwx,g=rwx,o=rx $ umask o+w ← Add "w(write permission)" to "Others". $ umask -S u=rwx,g=rwx,o=rwx← "w(Write permission)" has been added to the "Other" section.