Umask: Controlling Default File and Directory Permissions
The umask (User File Creation Mode Mask) determines the default permissions assigned to newly created files and directories. It acts as a "mask" that removes permission bits from the defaults, unlike chmod, which changes the permissions of files that already exist.
On Lucia, the default umask is set to 0002, which is the default on RHEL8. This is fairly permissive: files and directories you create will be group writable and world readable:
- Files: rw-rw-r--
- Directories: rwxrwxr-x
This setup allows group members to modify shared files and directories, which is beneficial for collaboration. However, it also means that other users in the same group could intentionally or unintentionally modify or delete your files.
Common Umask Commands
- Display the current umask in octal format:
- Display the current umask in symbolic format (easier to interpret):
- Set a new umask:

If you prefer to restrict permissions for newly created files and directories, you can adjust your umask. For example:
- To make files readable only by you (default rw-------) and directories accessible only by you (default rwx------):
- To allow group read-only access to files (default rw-r-----) and directories (default rwxr-x---):
Temporary vs. Permanent Umask Changes
- Temporary Changes: Setting the umask on the command line affects only the current session. For example:
- Permanent Changes: To make the change persistent, add the desired umask command to your shell configuration file (e.g., ~/.bashrc). For example:
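The commands described in the two sections above, as an added example that is not from the original page. It creates a file and a directory under each umask discussed here and reports the resulting modes; `show_modes` is a hypothetical helper name, and the scratch directory comes from `mktemp`.

```shell
#!/bin/sh
# Added example (not from the original page). show_modes is a
# hypothetical helper; the umask values are the ones the page discusses.

# Print "<umask> <file mode> <directory mode>" for one umask value.
show_modes() {
    mask=$1
    (
        # Subshell: the umask set here is gone when the subshell exits,
        # the same way a command-line change ends with the session.
        umask "$mask" || exit 1
        tmp=$(mktemp -d) || exit 1
        trap 'rm -rf "$tmp"' EXIT
        touch "$tmp/f"    # new files start from rw-rw-rw- minus the mask
        mkdir "$tmp/d"    # new directories start from rwxrwxrwx minus the mask
        # cut -c1-10 drops any trailing ACL/SELinux marker from ls output
        printf '%s %s %s\n' "$mask" \
            "$(ls -ld "$tmp/f" | cut -c1-10)" \
            "$(ls -ld "$tmp/d" | cut -c1-10)"
    )
}

umask       # display the current umask in octal format
umask -S    # display the current umask in symbolic format

# 0002 = default on the page, 0027 = group read-only, 0077 = private
for m in 0002 0027 0077; do
    show_modes "$m"
done

umask       # unchanged: the values above applied only inside the subshells

# To make a choice permanent, the page's advice is to put the command,
# for example "umask 0077", in your shell configuration file (~/.bashrc).
```

An existing file keeps the mode it was created with; changing the umask only affects files and directories created afterwards.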
Security Implications
Carefully choose your umask depending on your collaboration needs and security requirements:
- For private files and directories, use a restrictive umask like 0077.
- For collaborative environments, ensure the umask aligns with group permissions and workflows.