Chapter 23. Managing the umask

You can use the umask utility to display, set, or change the current or default value of the umask.

23.1. Displaying the current value of the umask

You can use the umask utility to display the current value of the umask in symbolic or octal mode.

Procedure

  • To display the current value of the umask in symbolic mode, use:

    $ umask -S

  • To display the current value of the umask in octal mode, use:

    $ umask

    Note

    When displaying the umask in octal mode, you may notice it displayed as a four digit number (0002 or 0022). The first digit of the umask represents a special bit (sticky bit, SGID bit, or SUID bit). If the first digit is set to 0, the special bit is not set.

23.2. Displaying the default bash umask

There are a number of shells you can use, such as bash, ksh, zsh and tcsh. Those shells can behave as login or non-login shells. You can invoke the login shell by opening a native or a GUI terminal.

To determine whether you are executing a command in a login or a non-login shell, use the echo $0 command.

Example 23.1. Determining if you are working in a login or a non-login bash shell

  • If the output of the echo $0 command returns bash, you are executing the command in a non-login shell.

    $ echo $0
    bash

    The default umask for the non-login shell is set in the /etc/bashrc configuration file.

  • If the output of the echo $0 command returns -bash, you are executing the command in a login shell.

    # echo $0
    -bash

    The default umask for the login shell is set in the /etc/login.defs configuration file.

Procedure

  • To display the default bash umask for the non-login shell, use:

    $ grep umask /etc/bashrc

    The output returns:

    # By default, we want umask to get set. This sets it for non-login shell.
           umask 002
           umask 022

  • To display the default bash umask for the login shell, use:

    $ grep "UMASK" /etc/login.defs

    The output returns:

    # UMASK is also used by useradd(8) and newusers(8) to set the mode for new
    UMASK        022
    # If HOME_MODE is not set, the value of UMASK is used to create the mode.

23.3. Setting the umask using symbolic values

You can use the umask utility with symbolic values (a combination of letters and signs) to set the umask for the current shell session.

You can assign the following permissions:

  • Read (r)
  • Write (w)
  • Execute (x)

Permissions can be assigned to the following levels of ownership:

  • User owner (u)
  • Group owner (g)
  • Other (o)
  • All (a)

To add or remove permissions you can use the following signs:

  • + to add the permissions on top of the existing permissions
  • - to remove the permissions from the existing permissions
  • = to remove the existing permissions and explicitly define the new ones

    Note

    Any permission that is not specified after the equals sign (=) is automatically prohibited.

Procedure

  • To set the umask for the current shell session, use:

    $ umask -S <level><operation><permission>

    Replace <level> with the level of ownership you want to set the umask for. Replace <operation> with one of the signs. Replace <permission> with the permissions you want to assign. For example, to set the umask to u=rwx,g=rwx,o=rwx, use umask -S a=rwx.

    See User file-creation mode for more details.

    Note

    The umask is only valid for the current shell session.

23.4. Setting the umask using octal values

You can use the umask utility with octal values (numbers) to set the umask for the current shell session.

Procedure

  • To set the umask for the current shell session, use:

    $ umask octal_value

    Replace octal_value with an octal value. See User file-creation mode mask for more details.

    Note

    The umask is only valid for the current shell session.
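
The effect of the values set in 23.3 and 23.4 on newly created files and directories, as an added example that is not part of the original documentation. The helper name modes_under_umask is hypothetical, and stat -c assumes GNU coreutils.

```shell
# Added example (not from the original page): show which modes new files and
# directories receive under a given umask. modes_under_umask is a hypothetical
# helper name; stat -c assumes GNU coreutils.
modes_under_umask() {
    # Subshell: the umask change ends with it, the caller's mask is untouched.
    (
        tmp=$(mktemp -d) || exit 1
        # Accepts octal (027) or symbolic (u=rwx,g=rx,o=) values.
        umask "$1" || { rm -rf "$tmp"; exit 1; }
        mask=$(umask)             # the mask in octal, as the shell reports it
        : > "$tmp/file"           # regular files are requested with mode 666
        mkdir "$tmp/dir"          # directories are requested with mode 777
        printf '%s %s %s\n' "$mask" \
            "$(stat -c %a "$tmp/file")" "$(stat -c %a "$tmp/dir")"
        rm -rf "$tmp"
    )
}

# Columns: umask, file mode, directory mode.
for value in 022 027 u=rwx,g=rx,o= 077; do
    modes_under_umask "$value"
done
```

The symbolic value u=rwx,g=rx,o= and the octal value 027 produce the same mask, because symbolic mode names the permissions to keep while octal mode names the permissions to remove.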

23.5. Changing the default umask for the non-login shell

You can change the default bash umask for standard users by modifying the /etc/bashrc file.

Prerequisites

  • root access

Procedure

  1. As root, open the /etc/bashrc file in the editor.
  2. Modify the following sections to set a new default bash umask:

        if [ $UID -gt 199 ] && [ "`id -gn`" = "`id -un`" ]; then
           umask 002
        else
           umask 022
        fi

    Replace the default octal value of the umask (002) with another octal value. See User file-creation mode mask for more details.

  3. Save the changes and exit the editor.

23.6. Changing the default umask for the login shell

You can change the default bash umask for the root user by modifying the /etc/login.defs file.

Prerequisites

  • root access

Procedure

  1. As root, open the /etc/login.defs file in the editor.
  2. Modify the following sections to set a new default bash umask:

    # Default initial "umask" value used by login(1) on non-PAM enabled systems.
    # Default "umask" value for pam_umask(8) on PAM enabled systems.
    # UMASK is also used by useradd(8) and newusers(8) to set the mode for new
    # home directories if HOME_MODE is not set.
    # 022 is the default value, but 027, or even 077, could be considered
    # for increased privacy. There is no One True Answer here: each sysadmin
    # must make up their mind.
    
    UMASK           022

    Replace the default octal value of the umask (022) with another octal value. See User file-creation mode mask for more details.

  3. Save the changes and exit the editor.

23.7. Changing the default umask for a specific user

You can change the default umask for a specific user by modifying the .bashrc for that user.

Procedure

  • Append the line that specifies the octal value of the umask into the .bashrc file for the particular user.

    $ echo 'umask octal_value' >> /home/username/.bashrc

    Replace octal_value with an octal value and replace username with the name of the user. See User file-creation mode mask for more details.

23.8. Setting default permissions for newly created home directories

You can change the permission modes for home directories of newly created users by modifying the /etc/login.defs file.

Procedure

  1. As root, open the /etc/login.defs file in the editor.
  2. Modify the following section to set a new default HOME_MODE:

    # HOME_MODE is used by useradd(8) and newusers(8) to set the mode for new
    # home directories.
    # If HOME_MODE is not set, the value of UMASK is used to create the mode.
    HOME_MODE       0700

    Replace the default octal value (0700) with another octal value. The selected mode will be used to create the permissions for the home directory.

  3. If HOME_MODE is set, save the changes and exit the editor.
  4. If HOME_MODE is not set, modify the UMASK to set the mode for the newly created home directories:

    # Default initial "umask" value used by login(1) on non-PAM enabled systems.
    # Default "umask" value for pam_umask(8) on PAM enabled systems.
    # UMASK is also used by useradd(8) and newusers(8) to set the mode for new
    # home directories if HOME_MODE is not set.
    # 022 is the default value, but 027, or even 077, could be considered
    # for increased privacy. There is no One True Answer here: each sysadmin
    # must make up their mind.
    
    UMASK           022

    Replace the default octal value (022) with another octal value. See User file-creation mode mask for more details.

  5. Save the changes and exit the editor.
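
One way to check which mode a new home directory would receive under the HOME_MODE and UMASK fallback described in this section, as an added example that is not part of the original documentation. The helper names defs_value, effective_home_mode and is_private_mode are hypothetical, the sample files are constructed, and taking the last uncommented occurrence of a key is an assumption of this example.

```shell
# Added example (not from the original page): report the mode a new home
# directory would get, following the HOME_MODE -> UMASK fallback above.
# defs_value, effective_home_mode and is_private_mode are hypothetical names.

# Print the last uncommented value of KEY in a login.defs-style FILE.
# Taking the last occurrence is an assumption of this example.
defs_value() {
    awk -v key="$1" '$1 == key { v = $2 } END { print v }' "$2"
}

effective_home_mode() {
    home_mode=$(defs_value HOME_MODE "$1")
    mask=$(defs_value UMASK "$1")
    if [ -n "$home_mode" ]; then
        printf '%04o\n' "$(( 0$home_mode ))"
    else
        # No HOME_MODE: 0777 with the UMASK bits cleared. 022 is used when
        # UMASK is absent too, per the comment in the file shown above.
        printf '%04o\n' "$(( 0777 & ~0${mask:-022} ))"
    fi
}

# Succeeds only if the mode grants nothing to group or other.
is_private_mode() {
    [ "$(( 0$1 & 0077 ))" -eq 0 ]
}

# Constructed sample files, not copied from a real system.
sample_dir=$(mktemp -d)
printf '%s\n' '# HOME_MODE 0700' 'UMASK           022' > "$sample_dir/umask_only"
printf '%s\n' 'UMASK           022' 'HOME_MODE       0700' > "$sample_dir/with_home_mode"

for f in umask_only with_home_mode; do
    mode=$(effective_home_mode "$sample_dir/$f")
    if is_private_mode "$mode"; then
        verdict="private"
    else
        verdict="accessible to group or other"
    fi
    printf '%s: %s (%s)\n' "$f" "$mode" "$verdict"
done
rm -rf "$sample_dir"
```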