The umask Command
Setting your default file access mode with the umask command
Umask is a C-shell built-in command which allows you to determine or specify the default access (protection) mode for new files you create. (See the general help file on “unix/access protection 1 – chmod” for more information on access modes and how to change modes for existing files.) You may issue the umask command interactively at the command prompt to affect files created during the current session. More often, the umask command is placed in the .cshrc file to be executed automatically whenever a new C-shell is started, ensuring that the default is the same for each session.
Syntax for the umask command
The syntax for the umask command is
umask [ value ]
where “value” is an octal number of up to three digits. If “value” is not specified, the umask command returns the current umask value. If an octal number shorter than three digits is specified, it is assumed to be padded with leading zeros; e.g., “77″ is equivalent to “077.” The scheme for determining what octal number produces which access mode (described below) is somewhat involved; however, the list of common access modes given below can probably help you avoid having to learn the scheme.
Umask settings for common access modes
The following examples show the effect on files and directories created under various umask values. In each of the two lists, values are listed in decreasing order of security. Unless you have a particular reason to allow others access to your files, the “077″ umask is recommended to provide reasonable protection for your files. Placing the line
in your .cshrc will cause all new files and directories to be created without access for group and others.
In the following examples, “user” refers to the creator or owner of the file or directory, “group” to the group associated with the file (you can determine this by using “ls -lg”), and “others” to anyone who is not the “user” or in the “group.”
Value Mode Effect on FILES Created Under Value 077 -rw------- user can read and write file; no access for group or others 027 -rw-r----- user can read and write file; group can read; no access for others 007 -rw-rw---- user can read and write file; group can do the same; no access for others 022 -rw-r--r-- user can read and write file; group can read; others can read 002 -rw-rw-r-- user can read and write file; group can read and write; others can read Value Mode Effect on DIRECTORIES Created Under Value 077 drwx------ user can read, write, list names of files in the directory, and delete files from the directory; no access for group or others 027 drwxr-x--- user can read, write, list names of files in the directory, and delete files from the directory; group can read and list names of files; no access for others 007 drwxrwx--- user can read, write, list names of files in the directory, and delete files from the directory; group can do the same as the user; no access for others 022 drwxr-xr-x user can read, write, list names of files in the directory, and delete files from the directory; group can read and list names of files; others can read and list names of files 002 drwxrwxr-x user can read, write, list names of files in the directory, and delete files from the directory; group can do the same as the user; others can read and list names of files
How to determine the access mode produced by a given octal value
If you found your favorite in the list of common values above, you may want to skip the following explanation and proceed directly to the section on references. If not, read on.
The three-digit octal value returned by or specified for umask is a file creation mask. The first digit is associated with the user (creator of the file), the second with the group, and the third with others. This mask is XORed (eXclusive ORed) with the access mode 666 for files or 777 for directories to determine the access mode for newly created files and directories. The “execute” permission is associated with the value “1,” the “write” permission with “2,” and the “read” permission with “4.” These permission values are added together to create each octal digit. Since the mask is XORed with the octal number 666 or 777, which represent full permissions for user, group, and others (each digit in that order), the result is the opposite of what is represented by the mask; that is, the umask value specifies those access modes which are to be DENIED. For example, XORing the umask value of 077 (7=1+2+4: DENY no permissions for the user, DENY all permissions for the group and others) with 666 or 777 results in files and directories being created with the access mode: all permissions for the user and none for the group or others.
For further information, see the chmod help file. Also see the online manual pages for umask, chmod, and ls.