New files

When new files are created, the protection bits are set according to the user’s default setting. That default is established using the umask command, probably in a startup script. This command accepts only one argument, which is a three-digit octal string that masks the user, group, and other permission bits for newly created files and directories. Without a value, umask reports the current value:

$ umask

When provided with an integer, umask sets the value for the current shell:

$ umask 2
$ umask

A umask of 22 can be rewritten as 022, or as 000010010 in binary.

The process of creating the initial mode for newly created files begins with a raw initial mode string, as defined in Table 7-4.

Table 7-4. Initial access modes


For files

For directories








6 6 6

7 7 7

The special bits are always turned off and are not masked by the umask. When a file is created, the umask is subtracted from 666; for directories, it is subtracted from 777. This calculation yields the effective protection mode for the file or directory. For example, a umask of 22 (022) is applied to a new file, masking the write permission for group and other user classes:

  110 110 110
- 000 010 010
  110 100 100

This is the same as mode 644, or rw-r--r--.

Using the same mask on a directory yields a similar result:

  111 111 111
- 000 010 010
  111 101 101

This is the same as mode 755, or rwxr-xr-x, which is appropriate for directories. A umask ...

Get LPI Linux Certification in a Nutshell, 3rd Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.