The umask defines the permissions a new file will get – or better:
the permissions it will not get.
You can display the current umask numeric and as text:
user@host:~ $ umask 0027 user@host:~ $ umask -S u=rwx,g=rx,o=
The numbers mean the following:
0 0 2 7 | | | '--> permissions for others (o) | | '--> permissions for the group (g) | '--> permissions for the owner (user, u) '--> special permissions (SUID, SGID, sticky) - always 0 in umask
The digits for user, group and others are the sum of:
- 1 – execute permission (x)
- 2 – write permission (w)
- 4 – read permission (r)
Therefore umask 0027 means:
- all permissions for the file owner (user)
- no write permissions (but read and execute permissions) for the group
- no permissions for others
You can specify the umask with the command umask 0027. The
number can vary, of course. The umask you define this way is valid in
the current shell and all child processes. If you set the umask in
~/.profile, it is valid for the whole time you are logged in.
If you define it in a xterm, it is only valid for everything you do in
If you want to define the umask for a specific directory (example:
group write permissions for a directory you use together with your
colleges), you’ll become sweating when using the umask command
because it is always valid for all directories.
The solution of this problem is setting a default ACL. The
following command ensures that all new files in /home/shared/
have all permissions (including write permissions) set for the group:
setfacl -d -m mask:007 /home/shared/
You should also set the sgid-bit for the directory and choose the
wanted group using chgrp:
chgrp the_team /home/shared/ chmod g+s /home/shared/
If /home/shared/ already contains subdirectories, you have
to change their permissions as well. Tip: all mentioned commands know
the -R option.
Starting with KDE 3.5 (which will be contained in the upcoming SUSE
Linux 10.1) you can easily define ACLs using the file properties dialog.
If you want to access /home/shared/ only using samba, you
can instead use the directory mask and create mask for
the share (be warned: samba doesn’t use the inverted permission mask as
umask does!). You should also set the force group option.
Original URL (german):