Umask: Controlling Default File and Directory Permissions

The umask (User File Creation Mode Mask) determines the default permissions assigned to newly created files and directories. It acts as a "mask" that removes permission bits from the defaults a program requests (normally rw-rw-rw- for files and rwxrwxrwx for directories), unlike chmod, which explicitly sets the permissions of files and directories that already exist.

Default Umask on Lucia

On Lucia, the default umask is set to 0002, which is the default on RHEL8. This is a fairly permissive setting: files and directories you create will be group-writable and world-readable:

  • Files: rw-rw-r--
  • Directories: rwxrwxr-x

This setup allows group members to modify shared files and directories, which is beneficial for collaboration. However, it also means that other users in the same group could intentionally or unintentionally modify or delete your files.

Common Umask Commands

  • Display the current umask in octal format:

    > umask
    0002
    

  • Display the current umask in symbolic format (easier to interpret):

    > umask -S
    u=rwx,g=rwx,o=rx
    

  • Set a new umask:

    If you prefer to restrict permissions for newly created files and directories, you can adjust your umask. For example:

    • To make files readable only by you (default rw-------) and directories accessible only by you (default rwx------):

      > umask 0077
      

    • To allow group read-only access to files (default rw-r-----) and directories (default rwxr-x---):

      > umask 0027
      

Temporary vs. Permanent Umask Changes

  • Temporary Changes: Setting the umask on the command line affects only the current session. For example:

    > umask 0027
    

  • Permanent Changes: To make the change persistent, add the desired umask command to your shell configuration file (e.g., ~/.bashrc). For example:

    ## the change will be persistent from your next login onwards
    > echo "umask 0027" >> ~/.bashrc
    ## to apply the modification to the current shell
    > source ~/.bashrc
    

Security Implications

Carefully choose your umask depending on your collaboration needs and security requirements:

  • For private files and directories, use a restrictive umask like 0077.
  • For collaborative environments, ensure the umask aligns with group permissions and workflows.
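
The following script is an added example, not part of the Lucia documentation; the function names are illustrative. It creates a scratch file and directory under each umask value discussed above and prints the resulting permissions, and it also shows that a file created before a umask change keeps its original mode, since the umask applies only at creation time.

```shell
#!/bin/sh
# Added example: observe what a umask does to newly created objects.
# Function names are illustrative; scratch data lives in a mktemp directory.

# perms_under_umask MASK KIND   (KIND is "file" or "dir")
# Creates one object under MASK and prints its nine permission
# characters in the notation used on this page, e.g. rw-rw-r--.
perms_under_umask() {
    (
        scratch=$(mktemp -d) || exit 1
        umask "$1"
        if [ "$2" = dir ]; then
            mkdir "$scratch/probe"        # requested mode 777, then masked
        else
            : > "$scratch/probe"          # requested mode 666, then masked
        fi
        p=$(ls -ld "$scratch/probe" | cut -c2-10)
        rm -rf "$scratch"
        printf '%s\n' "$p"
    )
}

# existing_after_change OLD NEW
# Creates a file under OLD, switches the umask to NEW, and prints the
# file's permissions afterwards. They still reflect OLD: tightening the
# umask does not protect files that already exist (use chmod for those).
existing_after_change() {
    (
        scratch=$(mktemp -d) || exit 1
        umask "$1"
        : > "$scratch/old"
        umask "$2"
        p=$(ls -ld "$scratch/old" | cut -c2-10)
        rm -rf "$scratch"
        printf '%s\n' "$p"
    )
}

# The three values discussed on this page.
for m in 0002 0027 0077; do
    printf 'umask %s  file=%s  dir=%s\n' "$m" \
        "$(perms_under_umask "$m" file)" "$(perms_under_umask "$m" dir)"
done
printf 'created under 0002, umask then set to 0077: %s\n' \
    "$(existing_after_change 0002 0077)"
```

Everything runs in subshells, so the umask of the shell you launch it from is left untouched.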