Home / How To / What is unmask in Linux?

What is unmask in Linux?

UMASK in Linux or Unix systems is called User Mask or also called as User File Mask. This is a basic state or default state when a new file or folder is created in the Linux machine.

It is used by several commands in Linux such as mkdir, touch, tee and other commands that create files and directories. It gets involved in each step when a new file or directory is created.

File Permissions:

Before we go into deep diving and understand the unmask, let's first understand the felt state briefly.

Linux is known for its security. Each file or directory in Linux has a specific set of permissions and ownership rights. Let's look at the user class below.

Each file in Linux will have under three user classes associated with it.

  1. User – A user who owns the file – By default, it indicates who created the file if you do not change it.
  2. Group – This indicated that the people in the group will have privileges assigned to the file. [19659008] Other – This restricts other users who are not owners or in the assigned group.

There are three types of file access for each user class mentioned above.

  1. r – read permission – the ability to read the contents of the file
  2. w – write permission – the ability to change the contents of the file
  3. x – run permissions – the ability to run the file as a program [19659014] The above concept tells who can read the file content, change the file content or run the program.

    Viewing Permissions – Symbol Mode:

    Let's look at file ownership below. You can retrieve the information on your Linux machine by typing the ls -l command.

     Linux Umask explained

    The first character in the image above shows the file type. There may be different types of files in Linux as below.

    Specifies the simple regular file with various extensions such as .txt, .json, .sh, .py, .rb, etc.


    Indicates directory / folder


    Indicates a symbolic link or symlink or soft link


    Indicates sign file


    Indicates block device file

    The next the nine symbols are divided into three parts as below.


    The file owner can read the content, change the content and run the file as a program


    Members of the group "users" Can read the content and run the file as a program but cannot change the file contents


    Anyone who is not an owner is also not a member of the group, ie others can also read the contents of the file and run the file as a program but cannot change file contents

    View permissions – Numeric mode:

    There is a further way to represent permissions with numbers called Numeric mode.

    Let's look at the allowable diagram for Numeric file below.


    No permission


    – x

    Only execute permission



    Only write permission

    3 [19659040] -wx

    Writing and executing permissions

    4 [19659041] r –

    Read only permissions



    Read and execute permissions



    Read and write permissions


    rwx [19659020] Read, Write, and Execute Permissions

    If I refer to this numeric authorization diagram and apply it to the same directory mentioned in the image above, the state will look like below.


    4 + 2 + 1



    4 + 0 + 1



    4 + 0 + 1 [19659065] 5 [19659029]
    Therefore, the numeric state of the testdir directory is 755.

    Understand UMASK:

    Let's create a new file and a new directory by executing the command below.

      $ touch test file 
      $ mkdir testdir 

    Let's see the permissions of test file and testdir by executing ls – l command.

    $ ls -l

      drwxr-xr-x 2 niteshb user 4096 Mar 21 22:43 testdir 
      -rw-r - r-- 1 niteshb user 0 Mar 21 22 : 43 test file 

    Did you notice the permissions? They are different, right? This is due to the default unmask value set in the Linux machine.

    By default on the Linux machine is the default state for a file 666 that provides read and write permissions to the owner, group, and others, and 777 for a directory that means to read, write, and run permissions to the owner, group, and others.

    As we know directories cannot be run. Why does the directory need to run permissions? Well, performing the permission to the directory is to allow access to content under the directory. If you use chmod command, we change the state of the directory to 666 and try to enter the directory with CD command.

    On most Linux distributions, the default value is set throughout the system in pam_umask.so or in / etc / profile file. By adding the value to the ~ / .bashrc file in the user's home directory, we can create an unmask value specific to the user.

    To check unmask value, run unmask command.

      $ umask 



    We can ignore the very first 0 from the above four digits for now. It is part of the advanced state of Linux. Which can prevent file modification even if you have write permission or we can prevent deleting a file even if you are the root user. In this blog we will only concentrate on the other three figures. Ads

    To change the value of the current session, execute the command below followed by the desired value.

      $ umask 0044 

    How files and directories get their permissions:

    The value associated with umask is NOT the state you get for your files and directories.

    There is a very simple calculation. As we mentioned above that the default value for a file is 666 and for a directory it is 777. To calculate permission bits for new files or directories, subtract the unmask value from the default value.

    For example, let's calculate how a new file or directory state will affect due to unmask.

    • Files: 666 - 022 = 644. According to the permission, the owner can read and run the file. Groups and others can read the file.
    • Catalog: 777 - 022 = 755. This means that the owner will have all read, write permissions and CDs for the directory. Group and others can read and list the contents of the directory and cd to the directory.

    You can also see the unmask value in numerical form by executing the command below.

      $ umask 


      u = rwx, g = rx, o = rx 

    Unlike numeric notation, the symbolic notation value contains the permission bits that will be set to the newly created files and directories.

    Setting the mask value:

    File creation mask can be set with octal or symbolic notation. To make the changes permanent, set the new value to a global configuration file such as / etc / profile file that will affect all users or in a user's scale configuration files such as ~ / .profile, ~ / .bashrc or ~ / .zshrc that will only affect the user. The user files take precedence over the global files.

    Before making any changes to umask make sure that the new value does not pose a potential security risk. Values ​​that are less restrictive than 022 should be used with great caution. For example, umask 000 means that anyone will have read, written, and run permissions for all newly created files.

    Let's say we want to set more restrictive permissions for the newly created files and directories so that others will not be able to cd to the directories and read files. The permissions we want are 750 for directories and 640 for files. Ads

    To calculate the umask value, simply subtract the desired permissions from the default setting:

    Umask value: 777-750 = 027

    The desired umask value represented in numerical notation is 027 .

    To permanently set the new value across the entire open file / etc / profile with your text editor and change or add the following line at the beginning of the file:

      umask 0027 

    For changes that enter into force run the following source command or log out and log in:

      $ source / etc / profile 

    To verify the new settings we create a new file and directory with the commands below.

      $ mkdir newtestdir 
      $ touch newtestfile 

    If you check per assignment with the ls command, you will notice that the new file has 640 and the new directory 750 permissions, as we wanted:

      drwxr-xr-- 2 niteshb users 4096 Mar 21 22:43 newtestdir 
      -rw-r ----- 1 niteshb user 0 Mar 21 22:43 newtestfile 

    Another way to set the file to create file is to use the symbolic notation. For example, umask u = rwx, g = rx, o = is the same as umask 027 .


    In this guide we have explained the Linux permissions and how to use the umask command to set the permission bits for created files or directories.

    For more information, type the command below in your terminal.

      $ man umask 

    Source link