Linux Commands

What are umask bits and How to Use Them in Linux?

In Linux, every file and directory has some permissions that help to manage the access level of every user on the system. User file creation mode mask bits set the permissions for newly created files or directories. Linux umask consists of nine bits: three bits for the user(owner), group, and other users. The umask changes the default permission of newly created files to prevent other users from accessing them. We can change these permissions by using umask commands.

Getting Started

List the permissions assigned to the files and directories, as follows:

ubuntu@ubuntu:~$ ls -la

total 32

drwxr-xr-x 5 ubuntu ubuntu 4096 Sep 23 23:57 .

drwxr-x--- 32 ubuntu ubuntu 4096 Sep 24 03:31 ..

drwxrwxr-x 3 ubuntu ubuntu 2048 Sep 5 17:43 aircrack

drwxrwxr-x 3 775 ubuntu 4096 Mar 31 15:03 Angular

drwxrwxr-x 4 ubuntu ubuntu 1024 Apr 1 16:13 'Bash'

-rwxrw-r-- 1 ubuntu ubuntu 0 Jul 30 16:28 games

-rw------- 1 ubuntu ubuntu 12288 Jul 30 16:20 .swp

-rw-rw-r-- 1 ubuntu ubuntu 0 Sep 23 23:57 test

Permissions in Linux

Every file created in Linux has certain properties associated with it, like ownership and permission. The ownership of each file and directory involves a user(owner) and a group. Similarly, the options for setting file and directory permissions are shown below:

  • r is for read permission with a value of 4
  • w is for write permission with a value of 2
  • x is for execute permission with a value of 1

We can combine these permissions to assign a varying level of access to files or directories:

  • rwx: it has full read, write, and execute permission with a value of 7
  • rw-: it has only read and write permission with a value of 6
  • r–: it has only read permission with a value of 4
  • r-x: it has only read and execute permission with a value of 5

So, whenever we want to permit a certain file or folder for the owner, group, or other users, we must change the default mask. We can find out the default mask by this command.

ubuntu@ubuntu:~$ umask

0002

In order to assign permission to a file or directory, we give it the umask value. Following are the permissions for directories against their umask values:

Permissions values umask value

rwxrwxrwx 777 0000

rwxrwxr-x 775 0002

rwxrw-r-- 764 0013

rwxr-xr-x 755 0022

rw-r--r-- 644 0133

To verify the permissions against the umask value, set the umask value to 0022 and create a directory such that every new directory has a default permission value of 755:

ubuntu@ubuntu:~$ umask 0022

ubuntu@ubuntu:~$ mkdir dir1

ubuntu@ubuntu:~$ ls -l

drwxr-xr-x 2 ubuntu ubuntu 4096 Sep 24 16:46 dir1

Following are the permissions for files against their umask values:

Permissions values umask value

rw-rw-rw- 666 0000

rw-rw-r-- 664 0002

rw-r--r-- 644 0022

Now set the umask value to 0022 and create a new file. The file will have 644 permissions:

ubuntu@ubuntu:~$ umask 0022

ubuntu@ubuntu:~$ touch file1

ubuntu@ubuntu:~$ ls -l file1

-rw-r--r-- 1 ubuntu ubuntu 0 Sep 24 16:32 file1

Permission Assignment via Octal Notation

Now create a file & directory using the 0777 umask value. The directory and file created will have no permissions:

ubuntu@ubuntu:~$ umask 0777

ubuntu@ubuntu:~$ touch file2

ubuntu@ubuntu:~$ mkdir dir2

ubuntu@ubuntu:~$ ls -l

---------- 1 ubuntu ubuntu 0 Sep 24 16:53 file2

d--------- 2 ubuntu ubuntu 4096 Sep 24 16:53 dir2

For full permission assignment to the new files and directories, set the umask value to 0000.

ubuntu@ubuntu:~$ umask 0000

ubuntu@ubuntu:~$ touch file3

ubuntu@ubuntu:~$ mkdir dir3

ubuntu@ubuntu:~$ ls -l

-rw-rw-rw- 1 ubuntu ubuntu 0 Sep 24 16:56 file3

drwxrwxrwx 2 ubuntu ubuntu 4096 Sep 24 16:55 dir3

Permission Assignment via Symbolic Notation

Set file permissions using the symbolic options instead of the octal values. To set the full permissions using the symbolic options, run the following command.

ubuntu@ubuntu:~$ umask a=rwx

ubuntu@ubuntu:~$ touch file4 && mkdir dir4

ubuntu@ubuntu:~$ ls -l

-rw-rw-rw- 1 ubuntu ubuntu 0 Sep 25 13:08 file4

drwxrwxrwx 2 ubuntu ubuntu 4096 Sep 25 13:08 dir4

To set the rw permissions for the user(owner), use the following command:

ubuntu@ubuntu:~$ umask u=rw

ubuntu@ubuntu:~$ touch file5 && mkdir dir5

ubuntu@ubuntu:~$ ls -l

-rw-rw-rw- 1 ubuntu ubuntu 0 Sep 25 13:35 file5

drw-rwxrwx 2 ubuntu ubuntu 4096 Sep 25 13:35 dir5

Set the umask permissions for the group as follows:

ubuntu@ubuntu:~$ umask g=rx

ubuntu@ubuntu:~$ touch file6 && mkdir dir6

ubuntu@ubuntu:~$ ls -l

-rw-r--r-- 1 ubuntu ubuntu 0 Sep 25 13:37 file6

drw-r-xr-- 2 ubuntu ubuntu 4096 Sep 25 13:37 dir6

Set the umask permissions for others using the command below:

ubuntu@ubuntu:~$ umask o=r

ubuntu@ubuntu:~$ touch file7 && mkdir dir7

ubuntu@ubuntu:~$ ls -l

-rw-r--r-- 1 ubuntu ubuntu 0 Sep 25 13:39 file7

drw-r-xr-- 2 ubuntu ubuntu 4096 Sep 25 13:39 dir7

View the current umask in its symbolic form:

ubuntu@ubuntu:~$ umask -S

u=rwx,g=rx,o=r

Umask configuration

The permission in umask remains only for the current session or directory. To implement changes permanently, set the changes in its configuration settings. The configuration settings of the umask may vary for each distribution; however, to add the umask values permanently in Ubuntu, make changes to the bash.bashrc file. Open the file in your favorite editor to include the changes as shown below:

ubuntu@ubuntu:~$ sudo nano /etc/bash.bashrc

Conclusion

Umask is a useful tool to assign specific default permission to the newly created files and directories. The article shows how to use umask bits, and the values against read/write/execute permissions. We also demonstrate how to assign permissions via umask bits using octal and symbolic notations.

About the author

Usama Azad

A security enthusiast who loves Terminal and Open Source. My area of expertise is Python, Linux (Debian), Bash, Penetration testing, and Firewalls. I’m born and raised in Wazirabad, Pakistan and currently doing Undergraduation from National University of Science and Technology (NUST). On Twitter i go by @UsamaAzad14