From Wikipedia, the free encyclopedia

Jump to: navigation, search

umask (abbreviated from user mask) is a command and a function in POSIX environments which sets the default permission modes for newly created files and directories of the current process.

Modern Unix systems allow umasks to be specified in two ways:

  • A default permission, also called a Symbolic Umask. E.g. u=rwx,g=rwx,o=
  • An octal number that controls which permissions will be masked (not set) for any newly created file, e.g. 007.

In both cases bear in mind that most Unix systems do not allow new files to be created with execute permission turned on, regardless of the umask.


[edit] Symbolic umasks

A umask set to u=rwx,g=rwx,o= will result in new files having the modes rw-rw----, and new directories having the modes rwxrwx---.

[edit] Symbolic Umask example

In bash:

 $ umask u=rwx,g=rwx,o=
 $ mkdir foo
 $ touch bar
 $ ls -l
 drwxrwx--- 2 dave dave 512 Sep  1 20:59 foo
 -rw-rw---- 1 dave dave   0 Sep  1 20:59 bar

[edit] Octal Umasks

Octal umasks are calculated via the bitwise AND of the unary complement of the argument (using bitwise NOT) and the full access mode.

The changes will take effect during the current session only.

The full access mode is 666 in the case of files, and 777 in the case of directories. Most Unix shells provide a umask command that affects all child processes executed in this shell. umask uses 777 for both files and folders, if one wants different masks then fmask and dmask should be used.

A common umask value is 022 (masking out the write permission for the group and others), which ensures that new files are only writable for the owner (i.e. the user who created them). Another common value is 002, which leaves the write permission for the file's group enabled. This can be used for files in shared workspaces, where several users work with the same files.

[edit] Octal Umask examples

Assuming the umask has the value 174, any new file will be created with the permissions 602 and any new directory will have permissions 603 because:

6668 AND NOT(1748) = 6028


7778 AND NOT(1748) = 6038
7778 = (111 111 111)2
1748 = (001 111 100)2
NOT(001 111 100)2 = (110 000 011)2
(111 111 111)2 AND (110 000 011)2 = (110 000 011)2
     7778           NOT (174)8          (603)8

In bash:

 $ umask 0174
 $ mkdir foo
 $ touch bar
 $ ls -l
 drw-----wx 2 dave dave 512 Sep  1 20:59 foo
 -rw-----w- 1 dave dave   0 Sep  1 20:59 bar

Using the above mask, octal 1 prevents user execute bit being set, octal 7 prevents all group bits being set, and octal 4 prevents the read bit being set for others.

[edit] Tips

  • When using umask be aware that it applies only to the current process and any future child processes that it may create.
  • If you're using (S)FTP you must restart the (S)FTP daemon after you have set a umask. Additionally, you must re-connect to the server in order for the umask to take effect.

[edit] See also

[edit] References

[edit] External links

Personal tools