umask

In short, umask (user file-creation mask) determines the default permissions assigned to a new file or directory the moment it is created.

1. How it Works: The "Subtraction" Logic

Think of umask as a filter or a mask (hence the name). It doesn't set permissions; it strips them away from a base permission set.

The Base Permissions

Before the mask is applied, the system starts with a "maximum" permission level:

• Directories: 777 (rwxrwxrwx) — because you usually want directories to be searchable.

• Files: 666 (rw-rw-rw-) — Linux, by default, does not give "execute" permissions to new files for security reasons.

The Calculation

The actual permission is calculated by taking the base and "subtracting" the mask.

Final Permission = Base Permission - umask

2. Common umask Examples

If you run the command umask without arguments, it will show your current mask (e.g., 0022).

Mask Base(File) Final(File) Resulting String Logic

0022 666 644 rw-r--r-- Public can read, but not write.(Standard)

0002 666 664 rw-rw-r-- Group can write too.

0077 666 600 rw------- Complete privacy. Only you can read/write.

3. Using the umask Command

You can use the command to check or temporarily change your mask.

• View current mask (octal):

  umask # Output: 0022

• Change the mask:

  If you want your new files to be private by default:

  umask 0077

• You can say umask 022 or umask 0022 are the same.

A Quick Tip

Maybe the exam might try to trick you with a mask like 0033.

If you subtract 3 (write + execute) from a base file permission of 6 (read + write), you get 4.

Note: setting a Default ACL (Access Control List) is a more modern way to solve permissions problems without messing with umasks. However, ACL is not covered for the current LPIC-1 exam 101.