Change Default File Permissions with umask

By default, Linux permissions for new directories are typically set to 755 allowing read, write, and execute permissions to user and only read and execute to group and other users.  Conversely, file permissions default to 644 allowing read and write access to user but only read to group and others.  These defaults are controlled by the user file-creation mask or umask.

A user or administrator may want to change the Linux default permissions by using the umask command in a login script.  The umask command can be used without specifying any arguments to determine what the current default permissions are.  The value displayed by umask must be subtracted from the defaults of 777 for directories and 666 for files to determine the current defaults.  A typical umask which will generate the permissions listed in the previous paragraph would be 0022.  The first digit pertains to the sticky bit which will be explained further later in this section.

The ?S option can be used to see the current default permissions displayed in the alpha symbolic format.  Default permissions can be changed by specifying the mode argument to umask within the user?s shell profile (.bash_profile) script.

The following are some examples.

Using umask to Set Default Permissions

$ umask
0022

$ umask -S
u=rwx,g=rx,o=rx

$ umask 033

$ umask
0033

$ umask -S
u=rwx,g=r,o=r

The default umask will cause users to create files which any user can read.  In many instances where you have a multi-user system this is not desirable and a more appropriate umask may be 077.  That umask will enforce the default permissions to be read, write and execute for the owner and no permissions for the group and other users.

There are a few special permission mode settings that are worthy of noting.  Table 6.3 below contains a few of these special settings.