umask Command Cheat Sheet
umask (user file creation mode mask) determines the settings of a mask that controls which file permissions are unset for newly created files and directories.
Synopsis
umask [mode]
Concepts
Linux base permissions:
- Files: 666 (rw-rw-rw-)
- Directories: 777 (rwxrwxrwx)
The umask is subtracted from these defaults.
Common Values
| umask | File Result | Directory Result | Effect |
|---|---|---|---|
000 |
666 (rw-rw-rw-) | 777 (rwxrwxrwx) | No restrictions (Insecure) |
002 |
664 (rw-rw-r--) | 775 (rwxrwxr-x) | Group writable |
022 |
644 (rw-r--r--) | 755 (rwxr-xr-x) | Standard default (Readable by all, writable by owner) |
027 |
640 (rw-r-----) | 750 (rwxr-x---) | Group read, Others nothing |
077 |
600 (rw-------) | 700 (rwx------) | Private (Only owner) |
Setting umask
Temporary (Current Shell)
umask 077
touch secret.txt
ls -l secret.txt
# -rw------- 1 user user ...
Permanent
Edit ~/.bashrc or /etc/profile:
# Force detailed privacy
umask 027
Symbolic Mode (-S)
View mask in symbolic form (showing what is kept, not what is removed).
umask -S
# u=rwx,g=rx,o=rx (equivalent to 022)
Set using symbols:
umask u=rwx,g=,o=
# Equivalent to 077
Notes
- Calculation: Technically it's a bitwise AND with the complement (
Permissions & ~Umask), not simple subtraction, but subtraction works for standard thinking.