Umask
umask is a mask against the default permissions used when a file is created.
If you write a file, its default mode is 0666. This means anyone can read or write it (actually removing a file requires directory write access, which is independent of the permissions on a specific file).
If you have a umask of 077, all permissions for "group" and "other" are masked (i.e. disallowed) when a new file is created.
Here is the formula for determining the mode after umask is applied: mode & ~umask. In "English," this means that you take the umask, apply a unary inverse (i.e. a bitwise NOT, which flips every bit), then bitwise AND this value against the default mode of the new file.
So, given a default mode of 666, and a umask of 027, the following math is performed (behind the scenes!):
666 & ~027 = 640
Which is rw-r-----. Working out the binary, we have this:

    110110110   (default mode 666)
    000010111   (umask of octal 027, in binary)

    Negate the umask:
    ~000010111 = 111101000

    Bitwise AND the negated umask against the default mode:
      110110110
    & 111101000
    -----------
      110100000 = 640

Simple, right? ;-)
Just remember that the umask is used to set the permissions that you want to prevent from getting set by default, and you'll be okay.
Common mask settings:
| Umask | Default file permissions | Notes |
|-------|--------------------------|-------|
| 077 | 600 (rw-------) | Very restrictive, good for root and paranoid users |
| 027 | 640 (rw-r-----) | Common for users who want to let certain people read files |
| 002 | 664 (rw-rw-r--) | Good for collaboration and active sharing of files |
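
An added example (not part of the original page) that checks the mask calculation against the operating system: it computes the masked mode for the three umask values in the table above, then creates a real file under each mask and reads back the mode it was given. It assumes a POSIX system; the function names and the temporary file name `demo` are made up for this illustration.

```python
import os
import stat
import tempfile

FILE_DEFAULT = 0o666  # default mode for a new file, as stated in the text


def apply_umask(requested: int, umask: int) -> int:
    """Clear every bit of `requested` that is set in `umask` (nine permission bits only)."""
    return requested & ~umask & 0o777


def rwx(mode: int) -> str:
    """Render the nine permission bits as an ls-style string, e.g. rw-r-----."""
    return "".join(c if mode & (0o400 >> i) else "-" for i, c in enumerate("rwxrwxrwx"))


def mode_of_new_file(umask: int, requested: int = FILE_DEFAULT) -> int:
    """Create a file under the given umask and return the mode the kernel assigned."""
    with tempfile.TemporaryDirectory() as tmp:  # directory is made before the mask changes
        old = os.umask(umask)  # os.umask() sets the mask and returns the previous one
        try:
            fd = os.open(os.path.join(tmp, "demo"),  # "demo" is a constructed name
                         os.O_CREAT | os.O_EXCL | os.O_WRONLY, requested)
            try:
                return stat.S_IMODE(os.fstat(fd).st_mode)
            finally:
                os.close(fd)
        finally:
            os.umask(old)  # restore the process-wide mask before cleanup


if __name__ == "__main__":
    for mask in (0o077, 0o027, 0o002):
        predicted = apply_umask(FILE_DEFAULT, mask)
        actual = mode_of_new_file(mask)
        print(f"umask {mask:03o}: predicted {predicted:03o} {rwx(predicted)}, "
              f"kernel gave {actual:03o}")
    # The mask only removes bits: a program that asks for 0600 still gets 0600
    # under a permissive umask of 002.
    print(f"requested 600 under umask 002: {mode_of_new_file(0o002, 0o600):03o}")
```

The last line shows the point a defender cares about: a umask never adds permissions, so software that explicitly requests a tight mode for a sensitive file keeps it regardless of how permissive the user's umask is.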