Linux umask Command with Practical Examples

Introduction

In this lab, we will explore the Linux umask command, which is used to set the default permissions for newly created files and directories. We will start by understanding the umask command and how it works, then learn how to modify file and directory permissions using umask in different scenarios. This lab covers the essential aspects of user and permission management in a Linux environment.

The lab will guide you through the process of checking the current umask value, changing the umask to set different default permissions, and observing the effects on newly created files and directories. By the end of this lab, you will have a solid understanding of how to use the umask command to manage file and directory permissions effectively.

Linux Commands Cheat Sheet

Skills Graph

Understanding the umask Command

In this step, we will explore the Linux umask command, which is used to set the default permissions for newly created files and directories.

The umask command specifies the file mode creation mask, which determines the default permissions for new files and directories. The umask value is a 4-digit octal number that represents the permissions that should not be granted.

Let's start by checking the current umask value:

umask

Example output:

0022

The umask value 0022 means that the default permissions for new files will be 0644 (rw-r--r--) and the default permissions for new directories will be 0755 (rwxr-xr-x).

The umask value is calculated by subtracting the specified value from the default permissions (0777 for files and 0755 for directories). For example, with a umask of 0022, the default permissions will be:

• Files: 0777 - 0022 = 0755 (rw-r--r--)
• Directories: 0755 - 0022 = 0733 (rwxr-xr--)

You can change the umask value using the following command:

umask 0002

This sets the umask to 0002, which means that the default permissions for new files will be 0775 (rw-rwxr-x) and the default permissions for new directories will be 0775 (rwxrwxr-x).

Modifying File and Directory Permissions with umask

In this step, we will learn how to modify the default file and directory permissions using the umask command.

First, let's create a new file and directory to observe the effect of umask:

touch ~/project/new_file.txt
mkdir ~/project/new_directory

Now, let's check the permissions of the newly created file and directory:

ls -l ~/project

Example output:

-rw-r--r-- 1 labex labex     0 Apr 12 12:34 new_file.txt
drwxr-xr-x 2 labex labex  4096 Apr 12 12:34 new_directory

As you can see, the default permissions for the new file are 0644 (rw-r--r--) and the default permissions for the new directory are 0755 (rwxr-xr-x), which corresponds to the current umask value of 0022.

Now, let's change the umask value to 0002:

umask 0002

Let's create a new file and directory again:

touch ~/project/another_file.txt
mkdir ~/project/another_directory

And check the permissions:

ls -l ~/project

Example output:

-rw-rw-r-- 1 labex labex     0 Apr 12 12:35 another_file.txt
drwxrwxr-x 2 labex labex  4096 Apr 12 12:35 another_directory

As you can see, the default permissions for the new file are 0774 (rw-rw-r--) and the default permissions for the new directory are 0775 (rwxrwxr-x), which corresponds to the umask value of 0002.

This demonstrates how you can use the umask command to modify the default permissions for newly created files and directories.

Applying umask in Different Scenarios

In this step, we will explore how to apply the umask command in different scenarios to manage file and directory permissions effectively.

Scenario 1: Securing Sensitive Files

Imagine you have a sensitive file that you want to ensure only the owner has read and write access to. You can achieve this by setting a more restrictive umask value:

umask 0077
touch ~/project/sensitive_file.txt

Example output:

-rw------- 1 labex labex 0 Apr 12 12:36 sensitive_file.txt

The umask value of 0077 ensures that the new file has permissions of 0700 (rwx------), which means only the owner has read and write access.

Scenario 2: Allowing Group Collaboration

In a scenario where you want to create files and directories that are accessible to a specific group, you can set the umask value accordingly:

umask 0007
mkdir ~/project/shared_directory
touch ~/project/shared_file.txt

Example output:

drwxrwx--- 2 labex labex 4096 Apr 12 12:37 shared_directory
-rw-rw---- 1 labex labex    0 Apr 12 12:37 shared_file.txt

The umask value of 0007 ensures that the new directory has permissions of 0770 (rwxrwx---) and the new file has permissions of 0660 (rw-rw----), allowing members of the group to access and modify the files and directories.

Remember, the umask value is subtracted from the default permissions (0777 for files and 0755 for directories) to determine the final permissions. Experiment with different umask values to understand how they affect the default permissions.

Summary

In this lab, we explored the Linux umask command, which is used to set the default permissions for newly created files and directories. We learned that the umask value is a 4-digit octal number that represents the permissions that should not be granted. We also learned how to modify the default file and directory permissions using the umask command, and how to create new files and directories to observe the effect of umask. The lab provided practical examples to help us understand the usage and application of the umask command in different scenarios.

Linux Commands Cheat Sheet