When new files are created, the protection bits are set according to the user’s default setting. That default is established using the umask command, probably in a startup script. This command accepts only one argument, which is a three-digit octal string that masks the user, group, and other permission bits for newly created files and directories. Without a value, umask reports the current value:
When provided with an integer, umask sets the value for the current shell:
A umask of 22 can be rewritten as 022, or as 000010010 in binary.
The process of creating the initial mode for newly created files begins with a raw initial mode string, as defined in Table 7-4.
6 6 6
7 7 7
The special bits are always turned off and are not masked by the umask. When a file is created, the umask is subtracted from 666; for directories, it is subtracted from 777. This calculation yields the effective protection mode for the file or directory. For example, a umask of 22 (022) is applied to a new file, masking the write permission for group and other user classes:
110 110 110 - 000 010 010 ------------- 110 100 100
This is the same as mode 644, or
Using the same mask on a directory yields a similar result:
111 111 111 - 000 010 010 ------------- 111 101 101
This is the same as mode 755, or
rwxr-xr-x, which is appropriate for directories. A umask ...