umask also known as:
is a security command and a function in POSIX environments that sets the default privileges that a file get when it's created.
When a shell or other program is creating a file or directory, it specifies the permissions to be granted.
When programs create files, they usually specify read and write permissions for all users, and no execute permissions at all (rw-rw-rw- or octal 666). Files created in this way will not be executable even if the umask would have allowed that.
On the other hand, when programs create directories, they usually specify read, write, and execute permissions for all users (rwxrwxrwx or octal 777). Directories created in this way will thus be searchable unless the umask restricts that. security
The umask command changes the umask of the shell process, and all processes subsequently started from the shell then inherit the new umask. The effect is lost when these processes terminate, e.g. when the user logs out.
When you start a shell, you will then inherit this default umask, this default permissions.
Most likely, it’s set at 022, allowing:
umask number
where number is the permission number.
$ umask
0022
$ umask -S # display the mask symbolically
u=rwx,g=rwx,o=
umask 022
To set an umask permanently, the appropriate umask command can be added to a login script. Example:
# file protection
umask 002 # all to me, read to group and others
PAM have also a module to set it. See pam_umask
Example:
session optional pam_umask.so umask=0022