Linux - Umask (user mask)


umask also known as:

  • user mask
  • user file creation mask

is a security command and a function in POSIX environments that sets the default privileges that a file get when it's created.

When a shell or other program is creating a file or directory, it specifies the permissions to be granted.

When programs create files, they usually specify read and write permissions for all users, and no execute permissions at all (rw-rw-rw- or octal 666). Files created in this way will not be executable even if the umask would have allowed that.

On the other hand, when programs create directories, they usually specify read, write, and execute permissions for all users (rwxrwxrwx or octal 777). Directories created in this way will thus be searchable unless the umask restricts that. security


The umask command changes the umask of the shell process, and all processes subsequently started from the shell then inherit the new umask. The effect is lost when these processes terminate, e.g. when the user logs out.

When you start a shell, you will then inherit this default umask, this default permissions.

Most likely, it’s set at 022, allowing:

  • the owner read, write and execute access,
  • the group and all others read and execute permissions.


umask number

where number is the permission number.



$ umask
$ umask -S        # display the mask symbolically


umask 022


Login script

To set an umask permanently, the appropriate umask command can be added to a login script. Example:

#   file protection
umask 002       # all to me, read to group and others


PAM have also a module to set it. See pam_umask


  • Add the following line to set the user specific umask at login:
session optional umask=0022

Documentation / Reference

Discover More
Azure Firewall Public Ip Restriction
Azure - Oracle Database Manually Installation on Linux

The installation of the Oracle database on bare-bone Linux. For a quick an dirty installation, see Creation of a VM with Oracle Linux 7 Update 4 and a Standard_DS1_v2...
Bash Liste Des Attaques Ovh
Bash - Builtin Commands

builtin refers to: a builtin command. See or to the specific builtin command. See (useful when defining a function whose name is the same as a shell builtin) The builtin command execute the specified...
Yarn Hortonworks

ACL POSIX style permissions/HDFS ACLs in HDFS is one authorization method . By default, ACLs are disabled. dfs.namenode.acls.enabled - Set to true to enable support for HDFS ACLs (Access Control...
Linux - File/Folder Permissions - Access Control List ( ACL ) - Posix Model

In Linux, every object is a file. A directory or a folder is then also a file. Linux follows the POSIX permissions model. A permission is a combination between: an access right (read, write, execute)...
Linux - su command (switch user)

The su command (switch user) is a part of the user management. To switch to another user, use the su command. This is most commonly used to switch to the root account. su run a shell with substitute...
Oracle Database 11gr2 Typical Installation
Oracle Database - Installation 11g Release 2 (11.2) on Linux OEL 5 (X86)

Installation of Oracle Database 11g Release 2 (11.2) on Oracle Enterprise Linux 5. Linux OEL installation login as root RAM: At least 1 GB swap space The following table describes...

Share this page:
Follow us:
Task Runner