Back to Commands

umask

shell builtinLinux/Unix
The umask command is one of the most frequently used commands in Linux/Unix-like operating systems. umask Set file mode creation mask
See ExamplesView Syntax

Quick Reference

Command Name:

umask

Category:

shell builtin

Platform:

Linux/Unix

Basic Usage:

umask [options] [arguments]

Common Use Cases

    Syntax

    umask [-p] [-S] [mode]

    Options

    Option Description
    -p Output the umask in a form that can be used as input
    -S Output the umask in symbolic form

    Mode formats:

    • Octal mode: A 3 or 4-digit octal number (e.g., 022, 0022)
    • Symbolic mode: Uses letters and symbols (e.g., u=rwx,g=rx,o=)

    Examples

    How to Use These Examples

    The examples below show common ways to use the umask command. Try them in your terminal to see the results. You can copy any example by clicking on the code block.

    # Basic Examples Basic
    # Display current umask in octal umask
    # Display current umask in symbolic format umask -S
    # Set umask to 022 (files: 644, directories: 755) umask 022
    # Set umask using symbolic mode umask u=rwx,g=rx,o=rx
    # Advanced Examples Advanced
    # Create a file after setting umask umask 022 touch testfile ls -l testfile # Create a directory after setting umask umask 027 mkdir testdir ls -ld testdir # Set more restrictive umask for confidential work umask 077 touch confidential_file.txt ls -l confidential_file.txt # Show umask in a form that can be used as input umask -p # Use umask in a subshell without affecting the parent shell (umask 077; touch private_file.txt) ls -l private_file.txt # Add umask to shell configuration for persistence echo "umask 022" >> ~/.bashrc # Create a umask for a specific command umask 027 && tar -czf backup.tar.gz /important/data # Set different umask for different file types umask u=rwx,g=rx,o= # Use umask in a script to ensure consistent permissions #!/bin/bash umask 022 touch script_generated_file.txt mkdir script_generated_dir # Calculate actual permissions that will be set echo "Files will be created with permissions: $(( 666 - $(umask) ))" echo "Directories will be created with permissions: $(( 777 - $(umask) ))"

    Try It Yourself

    Practice makes perfect! The best way to learn is by trying these examples on your own system with real files.

    Understanding Syntax

    Pay attention to the syntax coloring: commands, options, and file paths are highlighted differently.

    Notes

    The `umask` (user mask) command is a shell builtin that determines the default permissions for newly created files and directories. It works by setting a "mask" that is subtracted from the default permissions, effectively removing specific permissions when files or directories are created. The default creation permissions before umask is applied are: - For files: 666 (rw-rw-rw-) - For directories: 777 (rwxrwxrwx) The umask value is subtracted from these defaults to determine the actual permissions. For example, with a umask of 022: - Files would get 644 permissions (666 - 022 = 644 or rw-r--r--) - Directories would get 755 permissions (777 - 022 = 755 or rwxr-xr-x) Understanding this "subtraction" concept is crucial for correctly setting your umask. Each digit in the umask corresponds to permissions for user, group, and others, respectively. The bits in each digit represent: - 4: read permission - 2: write permission - 1: execute permission So a umask of 022 means: - 0: Don't remove any permissions for the owner - 2: Remove write permission for the group - 2: Remove write permission for others Common umask values include: - **022**: Standard umask on many systems, resulting in files with 644 (rw-r--r--) and directories with 755 (rwxr-xr-x) permissions. This allows group members and others to read files and traverse directories, but not modify them. - **027**: More restrictive, resulting in files with 640 (rw-r-----) and directories with 750 (rwxr-x---) permissions. This allows group members to read files and traverse directories, but others have no access. - **077**: Highly restrictive, resulting in files with 600 (rw-------) and directories with 700 (rwx------) permissions. This gives access only to the owner. - **002**: Less restrictive, resulting in files with 664 (rw-rw-r--) and directories with 775 (rwxrwxr-x) permissions. This is common in collaborative environments where group members need to modify each other's files. The `umask` command affects only the current shell session and processes spawned from it. To make umask settings persistent, you should add the appropriate `umask` command to your shell initialization files like `.bashrc`, `.bash_profile`, or `.profile`. For system-wide defaults, administrators might modify `/etc/profile`, `/etc/bash.bashrc`, or distribution-specific configuration files. In security-conscious environments, proper umask settings are critical. They help prevent information leakage and unauthorized modifications by ensuring newly created files and directories have appropriate permissions from the moment they're created. Modern systems also support more fine-grained permission control through Access Control Lists (ACLs), which can complement but not replace the basic umask functionality.

    Related Commands

    These commands are frequently used alongside umask or serve similar purposes:

    chmod
    mkdir
    touch
    ls
    stat
    Explore All Commands

    Use Cases

    Learn By Doing

    The best way to learn Linux commands is by practicing. Try out these examples in your terminal to build muscle memory and understand how the umask command works in different scenarios.

    See ExamplesTry Lab Exercises
    $ umask
    View All Commands