What is the “umask”? How can I set it?

By: cboltz

February 22, 2006 12:00 am





The umask defines the permissions a new file will get – or better:
the permissions it will not get.

You can display the current umask numeric and as text:

user@host:~ $ umask
user@host:~ $ umask -S

The numbers mean the following:

0 0 2 7
| | | '--> permissions for others (o)
| | '--> permissions for the group (g)
| '--> permissions for the owner (user, u)
'--> special permissions (SUID, SGID, sticky) - always 0 in umask

The digits for user, group and others are the sum of:

  • 1 – execute permission (x)
  • 2 – write permission (w)
  • 4 – read permission (r)

Therefore umask 0027 means:

  • all permissions for the file owner (user)
  • no write permissions (but read and execute permissions) for the group
  • no permissions for others

You can specify the umask with the command umask 0027. The
number can vary, of course. The umask you define this way is valid in
the current shell and all child processes. If you set the umask in
~/.profile, it is valid for the whole time you are logged in.
If you define it in a xterm, it is only valid for everything you do in
this xterm.

If you want to define the umask for a specific directory (example:
group write permissions for a directory you use together with your
colleges), you’ll become sweating when using the umask command
because it is always valid for all directories.

The solution of this problem is setting a default ACL. The
following command ensures that all new files in /home/shared/
have all permissions (including write permissions) set for the group:

setfacl -d -m mask:007 /home/shared/

You should also set the sgid-bit for the directory and choose the
wanted group using chgrp:

chgrp the_team /home/shared/
chmod g+s /home/shared/

If /home/shared/ already contains subdirectories, you have
to change their permissions as well. Tip: all mentioned commands know
the -R option.

Starting with KDE 3.5 (which will be contained in the upcoming SUSE
Linux 10.1) you can easily define ACLs using the file properties dialog.

If you want to access /home/shared/ only using samba, you
can instead use the directory mask and create mask for
the share (be warned: samba doesn’t use the inverted permission mask as
umask does!). You should also set the force group option.

Original URL (german):

0 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 5 (0 votes, average: 0.00 out of 5)
You need to be a registered member to rate this post.

Categories: Uncategorized

Disclaimer: As with everything else in the SUSE Blog, this content is definitely not supported by SUSE (so don't even think of calling Support if you try something and it blows up).  It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.