Question

What is umask? How to set it permanently for a user?

Recently I’ve been seeing this question quite a lot so I decided to shade some light about what a umask is, how to set it permanently for a user and explain what’s the differences between the following umask values: 000, 002, 022, 027, 077 and 277.


Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Accepted Answer

On Linux and Unix operating systems, new files are created with a default set of permissions. According to the official man page the description of umask is:

umask() sets the calling process’s file mode creation mask (umask) to mask & 0777 (i.e., only the file permission bits of mask are used), and returns the previous value of the mask.

The umask is used by open(2), mkdir(2), and other system calls that create files to modify the permissions placed on newly created files or directories. Specifically, permissions in the umask are turned off from the mode argument to open(2) and mkdir(2).

This might be a bit confusing, so essentially what this means is that when a new file or directory is created it is restricted in a specific way by applying permissions “mask” called the umask. The umask command basically sets the default permission or base permissions to the newly created files or folders on a Linux machine. Most of the Linux distros give 022 (0022) as default UMASK.

So for example, if your umask is set to 0022, when you create a new file it would be created with 0644 permissions, if you create a directory it would be created with 755 permissions. So essentially you subtract the umask from the default 666 file and 777 folder permissions.

The umask command is used to set this mask, or to show you its current value.

To make things a bit clearer, here’s a table with a few examples:

Umask File result Directory result
000 666 rw- rw- rw- 777 rwx rwx rwx
002 664 rw- rw- r– 775 rwx rwx r-x
022 644 rw- r-- r– 755 rwx r-x r-x
027 640 rw- r-- — 750 rwx r-x —
077 600 rw---- — 700 rwx — —
277 400 r-- — — 500 r-x — —

Here’s that in action:

umask linux

To permanently change your umask you need to update your shell profile:

~/.profile
~/.bashrc
~/.zshrc
~/.cshrc

Hope that this helps! Regards, Bobby

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

You can use /etc/login.defs

Change UMASK acording the table below.