The umask

The umask (Unix shorthand for “user file-creation mode mask”) is a four-digit octal number that Unix uses to determine the file permissions for newly created files. Every process has its own umask, inherited from its parent process.

The umask specifies the permissions you do not want given by default to newly created files and directories. By default, most Unix versions specify an octal mode of 666 (any user can read or write the file) when they create new files.[72] Likewise, new programs are created with a mode of 777 (any user can read, write, or execute the program). The complement of the umask value (the bits that are not set in the umask) is combined with the default permissions using bitwise AND. That is, inside the kernel, the mode specified in the open call is masked with the value specified by the umask—thus its name.

Normally, you or your system administrator set the umask in your .login, .cshrc, or .profile files, or in the system /etc/profile or /etc/cshrc file. For example, you may have a line that looks like this in one of your startup files:

# Set the user's umask
umask 033

When you set the umask this way, make it one of the first commands in the file. Anything executed before the umask command runs with the previous, possibly unsafe, value.
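
The masking rule described above can be checked against what the kernel really assigns, here for the umask 033 line and a few other common values. This is an added example, not code from the book; the function names effective_mode, mode_of and created_modes are made up for illustration.

```shell
#!/bin/sh
# Added example: compare the predicted mode (requested AND NOT umask)
# with what the kernel actually assigns. Function names are illustrative.

# effective_mode REQUESTED UMASK -> three-digit octal result of the mask.
# Note this is a bitwise operation, not subtraction: 666 with umask 033
# gives 644, whereas 666 - 033 would be 633.
effective_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# mode_of PATH -> octal permission bits (GNU stat first, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# created_modes UMASK -> "<file mode> <directory mode>" as really created.
created_modes() {
    dir=$(mktemp -d) || return 1
    (
        umask "$1"            # subshell: the caller's umask is untouched
        : > "$dir/file"       # redirection requests mode 666 from open()
        mkdir "$dir/subdir"   # mkdir requests mode 777
    )
    echo "$(mode_of "$dir/file") $(mode_of "$dir/subdir")"
    rm -rf "$dir"
}

for mask in 033 022 027 077; do
    printf 'umask %s  predicted: %s %s  actual: %s\n' "$mask" \
        "$(effective_mode 666 "$mask")" "$(effective_mode 777 "$mask")" \
        "$(created_modes "$mask")"
done
```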

Under SVR4 you can specify a default umask value in the /etc/defaults/login file. This umask is then given to every user that executes the login program. This method is a much better (and more reliable) means of setting ...
