Linux Commands

What are umask bits and How to Use Them in Linux?

In Linux, every file and directory has some permissions that help to manage the access level of every user on the system. User file creation mode mask bits set the permissions for newly created files or directories. Linux umask consists of nine bits: three bits for the user(owner), group, and other users. The umask changes the default permission of newly created files to prevent other users from accessing them. We can change these permissions by using umask commands.

Getting Started

List the permissions assigned to the files and directories, as follows:

[email protected]:~$ ls -la

total 32

drwxr-xr-x 5 ubuntu ubuntu 4096 Sep 23 23:57 .

drwxr-x--- 32 ubuntu ubuntu 4096 Sep 24 03:31 ..

drwxrwxr-x 3 ubuntu ubuntu 2048 Sep 5 17:43 aircrack

drwxrwxr-x 3 775 ubuntu 4096 Mar 31 15:03 Angular

drwxrwxr-x 4 ubuntu ubuntu 1024 Apr 1 16:13 'Bash'

-rwxrw-r-- 1 ubuntu ubuntu 0 Jul 30 16:28 games

-rw------- 1 ubuntu ubuntu 12288 Jul 30 16:20 .swp

-rw-rw-r-- 1 ubuntu ubuntu 0 Sep 23 23:57 test

Permissions in Linux

Every file created in Linux has certain properties associated with it, like ownership and permission. The ownership of each file and directory involves a user(owner) and a group. Similarly, the options for setting file and directory permissions are shown below:

  • r is for read permission with a value of 4
  • w is for write permission with a value of 2
  • x is for execute permission with a value of 1

We can combine these permissions to assign a varying level of access to files or directories:

  • rwx: it has full read, write, and execute permission with a value of 7
  • rw-: it has only read and write permission with a value of 6
  • r–: it has only read permission with a value of 4
  • r-x: it has only read and execute permission with a value of 5

So, whenever we want to permit a certain file or folder for the owner, group, or other users, we must change the default mask. We can find out the default mask by this command.

[email protected]:~$ umask

0002

In order to assign permission to a file or directory, we give it the umask value. Following are the permissions for directories against their umask values:

Permissions values umask value

rwxrwxrwx 777 0000

rwxrwxr-x 775 0002

rwxrw-r-- 764 0013

rwxr-xr-x 755 0022

rw-r--r-- 644 0133

To verify the permissions against the umask value, set the umask value to 0022 and create a directory such that every new directory has a default permission value of 755:

[email protected]:~$ umask 0022

[email protected]:~$ mkdir dir1

[email protected]:~$ ls -l

drwxr-xr-x 2 ubuntu ubuntu 4096 Sep 24 16:46 dir1

Following are the permissions for files against their umask values:

Permissions values umask value

rw-rw-rw- 666 0000

rw-rw-r-- 664 0002

rw-r--r-- 644 0022

Now set the umask value to 0022 and create a new file. The file will have 644 permissions:

[email protected]:~$ umask 0022

[email protected]:~$ touch file1

[email protected]:~$ ls -l file1

-rw-r--r-- 1 ubuntu ubuntu 0 Sep 24 16:32 file1

Permission Assignment via Octal Notation

Now create a file & directory using the 0777 umask value. The directory and file created will have no permissions:

[email protected]:~$ umask 0777

[email protected]:~$ touch file2

[email protected]:~$ mkdir dir2

[email protected]:~$ ls -l

---------- 1 ubuntu ubuntu 0 Sep 24 16:53 file2

d--------- 2 ubuntu ubuntu 4096 Sep 24 16:53 dir2

For full permission assignment to the new files and directories, set the umask value to 0000.

[email protected]:~$ umask 0000

[email protected]:~$ touch file3

[email protected]:~$ mkdir dir3

[email protected]:~$ ls -l

-rw-rw-rw- 1 ubuntu ubuntu 0 Sep 24 16:56 file3

drwxrwxrwx 2 ubuntu ubuntu 4096 Sep 24 16:55 dir3

Permission Assignment via Symbolic Notation

Set file permissions using the symbolic options instead of the octal values. To set the full permissions using the symbolic options, run the following command.

[email protected]:~$ umask a=rwx

[email protected]:~$ touch file4 && mkdir dir4

[email protected]:~$ ls -l

-rw-rw-rw- 1 ubuntu ubuntu 0 Sep 25 13:08 file4

drwxrwxrwx 2 ubuntu ubuntu 4096 Sep 25 13:08 dir4

To set the rw permissions for the user(owner), use the following command:

[email protected]:~$ umask u=rw

[email protected]:~$ touch file5 && mkdir dir5

[email protected]:~$ ls -l

-rw-rw-rw- 1 ubuntu ubuntu 0 Sep 25 13:35 file5

drw-rwxrwx 2 ubuntu ubuntu 4096 Sep 25 13:35 dir5

Set the umask permissions for the group as follows:

[email protected]:~$ umask g=rx

[email protected]:~$ touch file6 && mkdir dir6

[email protected]:~$ ls -l

-rw-r--r-- 1 ubuntu ubuntu 0 Sep 25 13:37 file6

drw-r-xr-- 2 ubuntu ubuntu 4096 Sep 25 13:37 dir6

Set the umask permissions for others using the command below:

[email protected]:~$ umask o=r

[email protected]:~$ touch file7 && mkdir dir7

[email protected]:~$ ls -l

-rw-r--r-- 1 ubuntu ubuntu 0 Sep 25 13:39 file7

drw-r-xr-- 2 ubuntu ubuntu 4096 Sep 25 13:39 dir7

View the current umask in its symbolic form:

[email protected]:~$ umask -S

u=rwx,g=rx,o=r

Umask configuration

The permission in umask remains only for the current session or directory. To implement changes permanently, set the changes in its configuration settings. The configuration settings of the umask may vary for each distribution; however, to add the umask values permanently in Ubuntu, make changes to the bash.bashrc file. Open the file in your favorite editor to include the changes as shown below:

[email protected]:~$ sudo nano /etc/bash.bashrc

Conclusion

Umask is a useful tool to assign specific default permission to the newly created files and directories. The article shows how to use umask bits, and the values against read/write/execute permissions. We also demonstrate how to assign permissions via umask bits using octal and symbolic notations.

About the author

Usama Azad

A security enthusiast who loves Terminal and Open Source. My area of expertise is Python, Linux (Debian), Bash, Penetration testing, and Firewalls. I’m born and raised in Wazirabad, Pakistan and currently doing Undergraduation from National University of Science and Technology (NUST). On Twitter i go by @UsamaAzad14