This tutorial explains how Umask permissions, settings and values are defined through (login shell & non-login) in detail. Learn how to change default umask settings (777, 755, 644, 0222, etc.) globally (for all users), locally (for individual user) temporarily and permanently step by step with examples.
When we create a new file or directory, shell automatically assigns the default permission to it. Default permission is the subtraction of umask permission and pre-defined initial permission.
Default permission = pre-defined initial permission – umask permission
- The pre-defined initial permissions for files and directories are 666 and 777 respectively.
- The default umask permissions for root user and remaining users are 0022 and 0002 respectively.
- The pre-defined initial permissions are fixed and cannot be changed. The default umask permissions are flexible and can be updated as per requirement.
- Umask permissions are also known as umask values or umask setting. All these words (umask permissions, umask values and umask setting) are used to represent the four numeric variables which are used to calculate the default permissions.
This tutorial is the third part of our article “Learn how to manage file permission in Linux step by step with examples”. You can read other parts of this article here.
Linux File permission Explained in Easy Language
This tutorial is the first part of this article. It explains how to read the Linux file permission step by step with examples.
Chmod command in Linux Explained
This tutorial is the second part of this article. It explains how to set and manage file attributes and permission with chmod command in Linux from both symbolic and octal methods.
How to set immutable sticky bit
This tutorial is the last part of this article. It explains how to set immutable or sticky bit in Linux including how to set append attribute.
Without any change in default umask permissions, all files created by user root will get 644 (666 - 022) permissions and all directories will get 755 (777-022) permissions.
First bit (0) in default umask values represents a special permission (SUID, SGID or Sticky bit) which cannot be affected by umask. Since umask cannot affect this permission, it always uses a value zero (0) as the placeholder value in this field. A value zero (0) means, ignore it while calculating the default permissions. We will learn special permission in detail with examples in last part of this tutorial.
To understand it more clearly, let’s access Shell prompt from user root and create a new file and directory. Check the permissions of both file and directory with ls –l command.
As we can see in above figure, by default file created by user root gets 644 permissions and directory gets 755 permissions.
In symbolic notation 644 stands for permissions; user (read and write) group (read) other (read) and 755 stands for permissions; user (read, write and execute) group (read and execute) other (read and execute).
How to change the default umask values
Umask values can be changed temporary or permanently. Temporary change will apply only in current shell session. Once user is logged out, umask values will be restored to original values. Permanent change is done in configuration files, it does not affect from system reboot.
Changing umask values temporary
To change umask values temporary, following command is used.
#umask [new values]
For example to change default umask values to 777, following command is used.
#umask 777
Let’s understand it with an example.
Create six directories named dir1, dir2, dir3, dir4, dir5 and dir6 with six different umask values; default, 777, 000, 111, 222 and 444 respectively.
Create one directory named test-dir and one file named test-file in each directory to compare the umask effect on files and directories.
Default umask 022 and umask 777
Umask 000 and Umask 111
Umask 222 and umask 444
In above example we changed umask values six times and each time we created one file and directory to see the effect of umask permissions on default permissions.
Change in umask values will affect the default permissions of files and directories which will be created after the change. It does not change the default permissions of existing files and directories. To understand it more clearly, let’s list all directories again.
As we can see in above output each time we changed the umask setting, it affected the files and directories which were created after the change.
Changing umask values permanently
Linux is a multiuser network operating system where same Shell is being accessed by several users. To provide a customized version of same Shell to everyone (user, script or process), a layer is inserted between actual shell and end user. In this layer several configuration files are used to create a user specific environment. Permanent umask setting is also configured in this layer. Based on requirement, umask setting can be configured in multiple levels. In order to configure umask setting correctly, we have to understand how shell is being accessed. A shell can be accessed in two ways; login and non-login.
Login shell
This is the shell environment which user receives just after the login. It provides a customized interface to interact with system. It takes input command from user and display the result on standard output device. The command prompt which user receives just after the login is example of login shell.
Non-login shell
This is the additional Shell interface which user accesses from login shell to perform a specific task. Since it is accessed from a login shell, it inherits all customized properties of parent (logged in) shell. But at the same time it is also a separate shell which allows us to override the default properties. Any terminal which we open in GUI to execute the command is the example of non-login shell.
Based on targeted user and shell access type, permanent umask setting can be configured in four files.
| Configuration file | Type of setting | Targeted user | When applied | Shell access type |
| /etc/profile | Default setting | All users including root | While user login | Login shell |
| /etc/bashrc | Default setting | All users including root | While user access additional shell | Non-login shell |
| /etc/profile.d/umask.sh | Custom setting | All users including root | While user login and while user access additional shell. | Both Login shell and non-login shell |
| /home/[user-name]/.bashrc | Custom setting | Individual user | While individual user login and access additional shell | Both Login shell and non-login shell |
Custom setting always overrides the default setting. Default setting will be used only if custom setting is not configured.
Let’s take an example to understand how all these work at shell prompt.
Access the shell prompt from user root and create a regular user account.
Check the default umask setting of user root and user regularuser
As we can see in above output, default umask setting is 022 and 002 for user root and user regularuser respectively.
Let’s figure out which file is used to define this setting.
By default umask setting for login shell and non-login shell is same. To understand which set of umask permissions is used we have to understand the type of shell.
How did we access the shell is the answer of which set of umask setting is used.
Did we supply the username and password to access the above shell? No, we accessed this shell from a right click menu.
Since we did not supply the user name and password to access this shell, it would be considered as non-login shell. For non-login shell /etc/bashrc file is used.
Let’s take an example of login shell. Open two separate consoles (by pressing Alt+Ctrl+F2 and Alt+Ctrl+F3 keys combination) and login from user root and user regularuser respectively. Check the umask setting which both users receive.
How to change the system default umask setting
Switch back to GUI (by pressing Alt+Ctrl+F1 keys combination) and take the backup of both configuration files.
Now change the default umask setting in /etc/bashrc file as listed below
For regular user, set it to 444 (old value 002) For root user, set it to 555 (old value 022)
We changed umask setting in /etc/bashrc file which control the non-login shell. To test where this change is applied, let’s check umask setting again. Change cannot be applied in running terminal; we have to access the other terminal for testing. Open another terminal and test umask setting for both users. Use su command to switch the user account.
As we can see in above output, umask values have been changed.
Tips
The su (switch user) command is used to access the non-login shell. Even though it switches user account after authenticating user name and password, it cannot be considered as a login shell. A shell will be considered as a login shell only when it is accessed through the console (such as tty prompt or gui login screen) or a protocol which is used for remote login (such as SSH, FTP, etc.).
Since we only changed /etc/bashrc file which control non-login umask permissions, the umask permissions for login shell should not be changed.
To confirm it, access two TTY consoles (use Alt+Ctrl+F4 and Alt+Ctrl+F5 keys combinations) and login from user root and user regularuser.
As above output confirms, umask permissions are not changed for login shell.
Switch back to GUI console and update umask permissions in /etc/profile file.
For root user set it to 222 For regular user set it to 111
Re-login from both users (root and regularuser) in their respective consoles and check the default umask permissions.
As above output confirms, umask permissions have been changed. Since this time we changed the file which controls login shell, a non-login shell should not be affected. To confirm it, switch back to GUI console and close the opened terminal. Access new terminal and check umask permissions for both users again.
As we can see in above output, umask permissions in non-login shell are not changed.
When we changed /etc/bashrc file, the umask permissions for non-login shell were changed but umask permissions for login shell remained unchanged. Just like this, when we changed /etc/profile file, the umask permissions for login shell were changed but umask permissions for login shell remained unchanged.
How to override default umask setting
If we want to use the separate umask permissions for both login and non-login shells then we have to update the associated files individually. But if we want to use the same umask permissions for both (login shell and non-login shell) then we can use shell override feature. The /etc/profile.d/ directory is used to define the override values. Before we practice with this feature lets restore the default configuration files back.
Now create a script file in /etc/profile.d directory with desired umask permissions.
Close the opened terminal and open a new terminal and check the default umask permissions for both users.
Above output confirms that umask permissions for non-login shell have been updated.
In console logout from logged in users. Login again and check the default umask permissions.
As we can see in above output, umask permissions for login shell are also updated.
In above example we configured same umask permissions for all users. But if it requires, we can also configure separate umask permissions for root user and remaining users.
To configure separate umask values, open two terminals. In first terminal open /etc/bashrc file and in second terminal open /etc/profile.d/umask.sh file. Remove umask values from /etc/profile.d/umask.sh file which we configured in previous step.
Copy the directives which assign umask setting from /etc/bashrc file and paste in /etc/profile.d/umask.sh file
To test the umask setting, configure following values and save the file and close the terminal.
For root, set it to 456 For remaining users, set it to 123
Reopen the terminal and test the umask setting for both users.
Switch to opened consoles and logout from both users. Login again and check the umask setting.
Individual umask permissions
Umask setting configured in any /etc/ sub-directory is known as global umask setting. Global setting affects all users. If we want to configure the umask setting only for a specific user then we have to use the local umask setting. Umask setting configured in user’s home directory is known as local umask setting. In home directory .bashrc file is used to configure the local umask setting.
Configuring individual user umask permissions
Before we configure the local umask setting, remove the custom script file which we created in previous step. Switch to user’s home directory and open .bashrc file and add following line in the end of the file
umask [values]
Save the file and check the umask setting.
Following figure illustrates above practice step by step.
Default umask permissions for home directory
When we add a new user, a home directory for that user is also being created. If umask setting in /etc/login.defs file is configured then the default permissions for home directory would be calculated based on these setting.
Let’s understand it practically.
- Backup the /etc/login.defs file and open it for editing
- Update the umask setting and save the file
- Add a new user and check the default permissions of home directory
- Restore the original configuration file back
Following figure illustrates above process step by step
Umask permissions configured in /etc/login.defs apply only on newly created home directories.
Key points
- If umask setting is configured in .bashrc file, user will always receive umask setting from this file regardless whatever setting is configured in other files.
- If umask setting is not configured in .bashrc file then /etc/profile.d/umask.sh file is used.
- The file name umask.sh is an indicative name only. You can choose any descriptive name for script file. The script file must be placed in /etc/profile.d directory.
- If umask setting is neither configured in .bashrc nor in /etc/profile.d/umask.sh then default configuration files are used.
- Default configuration files are /etc/profile and /etc/bashrc for login shell and non-login shell respectively.
