Novell is now a part of Micro Focus

What is the "umask"? How can I set it?

Novell Cool Solutions: Trench
By Christian Boltz

Digg This - Slashdot This

Posted: 22 Feb 2006

The umask defines the permissions a new file will get - or better: the permissions it will not get.

You can display the current umask numeric and as text:

user@host:~ $ umask
user@host:~ $ umask -S

The numbers mean the following:

0 0 2 7
| | | '--> permissions for others (o)
| | '--> permissions for the group (g)
| '--> permissions for the owner (user, u)
'--> special permissions (SUID, SGID, sticky) - always 0 in umask

The digits for user, group and others are the sum of:

  • 1 - execute permission (x)
  • 2 - write permission (w)
  • 4 - read permission (r)

Therefore umask 0027 means:

  • all permissions for the file owner (user)
  • no write permissions (but read and execute permissions) for the group
  • no permissions for others

You can specify the umask with the command umask 0027. The number can vary, of course. The umask you define this way is valid in the current shell and all child processes. If you set the umask in ~/.profile, it is valid for the whole time you are logged in. If you define it in a xterm, it is only valid for everything you do in this xterm.

If you want to define the umask for a specific directory (example: group write permissions for a directory you use together with your colleges), you'll become sweating when using the umask command because it is always valid for all directories.

The solution of this problem is setting a default ACL. The following command ensures that all new files in /home/shared/ have all permissions (including write permissions) set for the group:

setfacl -d -m mask:007 /home/shared/

You should also set the sgid-bit for the directory and choose the wanted group using chgrp:

chgrp the_team /home/shared/
chmod g+s /home/shared/

If /home/shared/ already contains subdirectories, you have to change their permissions as well. Tip: all mentioned commands know the -R option.

Starting with KDE 3.5 (which will be contained in the upcoming SUSE Linux 10.1) you can easily define ACLs using the file properties dialog.

If you want to access /home/shared/ only using samba, you can instead use the directory mask and create mask for the share (be warned: samba doesn't use the inverted permission mask as umask does!). You should also set the force group option.

Original URL (german):

Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions.

© Copyright Micro Focus or one of its affiliates