On Linux and other Unix-like operating systems, new files are created with a default set of permissions. Specifically, a new file's permissions may be restricted in a specific way by applying a permissions "mask" called the umask. The umask command is used to set this mask, or to show you its current value.
umask [-S] [mask]
| -S | Accept a symbolic representation of a mask, or return one. |
| mask | If a valid mask is specified, the umask is set to this value. If no mask is specified, the current umask value is returned. |
# umask 0022
The umask masks permissions by restricting them by a certain value.
Essentially, each digit of the umask is "subtracted" from the OS's default value to arrive at the default value you define. It's not really subtraction; technically, the mask is negated (its bitwise compliment is taken) and this value is then applied to the default permissions using a logical AND operation. The result is that the umask tells the operating system which permission bits to "turn off" when it creates a file.
In Linux, the default permissions value is 666 for a regular file, and 777 for a directory. When creating a new file or directory, the kernel takes this default value, "subtracts" the umask value, and gives the new files the resulting permissions.
| umask digit | Default file permissions | Default directory permissions |
|---|---|---|
| 0 | rw | rwx |
| 1 | rw | rw |
| 2 | r | rx |
| 3 | r | r |
| 4 | w | wx |
| 5 | w | w |
| 6 | x | x |
| 7 | (no permission allowed) | (no permission allowed) |
So if our umask value is 022, then any new files will, by default, have the permissions 644 (666 - 022). Likewise, any new directories will, by default, be created with the permissions 755 (777 - 022).