What is umask? How to set it permanently for a user?

Recently I’ve been seeing this question quite a lot so I decided to shade some light about what a umask is, how to set it permanently for a user and explain what’s the differences between the following umask values: 000, 002, 022, 027, 077 and 277.

Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Bobby Iliev
Site Moderator
Site Moderator badge
November 14, 2019
Accepted Answer

On Linux and Unix operating systems, new files are created with a default set of permissions. According to the official man page the description of umask is:

umask() sets the calling process’s file mode creation mask (umask) to mask & 0777 (i.e., only the file permission bits of mask are used), and returns the previous value of the mask.

The umask is used by open(2), mkdir(2), and other system calls that create files to modify the permissions placed on newly created files or directories. Specifically, permissions in the umask are turned off from the mode argument to open(2) and mkdir(2).

This might be a bit confusing, so essentially what this means is that when a new file or directory is created it is restricted in a specific way by applying permissions “mask” called the umask. The umask command basically sets the default permission or base permissions to the newly created files or folders on a Linux machine. Most of the Linux distros give 022 (0022) as default UMASK.

So for example, if your umask is set to 0022, when you create a new file it would be created with 0644 permissions, if you create a directory it would be created with 755 permissions. So essentially you subtract the umask from the default 666 file and 777 folder permissions.

The umask command is used to set this mask, or to show you its current value.

To make things a bit clearer, here’s a table with a few examples:

Umask File result Directory result
000 666 rw- rw- rw- 777 rwx rwx rwx
002 664 rw- rw- r– 775 rwx rwx r-x
022 644 rw- r-- r– 755 rwx r-x r-x
027 640 rw- r-- — 750 rwx r-x —
077 600 rw---- — 700 rwx — —
277 400 r-- — — 500 r-x — —

Here’s that in action:

umask linux

To permanently change your umask you need to update your shell profile:


Hope that this helps! Regards, Bobby

You can use /etc/login.defs

Change UMASK acording the table below.

Try DigitalOcean for free

Click below to sign up and get $200 of credit to try our products over 60 days!

Sign up

Featured on Community

Get our biweekly newsletter

Sign up for Infrastructure as a Newsletter.

Hollie's Hub for Good

Working on improving health and education, reducing inequality, and spurring economic growth? We'd like to help.

Become a contributor

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

Welcome to the developer cloud

DigitalOcean makes it simple to launch in the cloud and scale up as you grow — whether you're running one virtual machine or ten thousand.

Learn more
DigitalOcean Cloud Control Panel