RHCE Study Guide

This tutorial explains umask permission in detail including how to manage it and how it is used to calculate the default permission for files and directories.

When we create a new file or directory, the shell automatically assigns default permissions to it. The default permission is the pre-defined initial permission minus the umask permission.

Default permission = pre-defined initial permission – umask permission
  • The pre-defined initial permissions for files and directories are 666 and 777 respectively.
  • The default umask permissions for root user and remaining users are 0022 and 0002 respectively.
  • The pre-defined initial permissions are fixed and cannot be changed. The default umask permissions are flexible and can be updated as per requirement.
  • Umask permissions are also known as umask values or the umask setting. All three terms (umask permissions, umask values and umask setting) refer to the four numeric digits which are used to calculate the default permissions.

Without any change in default umask permissions, all files created by user root will get 644 (666 - 022) permissions and all directories will get 755 (777-022) permissions.

default file permission linux

The first digit (0) in the default umask values represents a special permission (SUID, SGID or sticky bit), which cannot be affected by umask. Since umask cannot affect this permission, it always uses a value of zero (0) as the placeholder in this field. A value of zero (0) means: ignore it while calculating the default permissions. We will learn about special permissions in detail, with examples, in the last part of this tutorial.

To understand it more clearly, let’s open a shell prompt as user root and create a new file and directory. Check the permissions of both the file and the directory with the ls -l command.

umask example ls -l command

As we can see in the above figure, by default a file created by user root gets 644 permissions and a directory gets 755 permissions.

In symbolic notation, 644 stands for the permissions user (read and write), group (read), other (read), and 755 stands for the permissions user (read, write and execute), group (read and execute), other (read and execute).

This tutorial is the third part of our article “Learn how to manage file permission in Linux step by step with examples”. You can read other parts of this article here.

Linux File permission Explained in Easy Language

This tutorial is the first part of this article. It explains how to read the Linux file permission step by step with examples.

Chmod command in Linux Explained

This tutorial is the second part of this article. It explains how to set and manage file attributes and permission with chmod command in Linux from both symbolic and octal methods.

How to set immutable sticky bit

This tutorial is the last part of this article. It explains how to set immutable or sticky bit in Linux including how to set append attribute.

How to change the default umask values

Umask values can be changed temporarily or permanently. A temporary change applies only to the current shell session; once the user logs out, the umask values are restored to their original values. A permanent change is made in configuration files and is not affected by a system reboot.

Changing umask values temporarily

To change umask values temporarily, the following command is used.

#umask [new values]

For example, to change the default umask values to 777, the following command is used.

#umask 777

Let’s understand it with an example.

Create six directories named dir1, dir2, dir3, dir4, dir5 and dir6 with six different umask values: default, 777, 000, 111, 222 and 444 respectively.

Create one directory named test-dir and one file named test-file in each directory to compare the umask effect on files and directories.

Default umask 022 and umask 777

default umask setting 0022

Umask 000 and Umask 111

umask 111

Umask 222 and umask 444

umask 444

In the above example we changed the umask values six times, and each time we created one file and one directory to see the effect of umask permissions on the default permissions.

A change in umask values affects the default permissions of files and directories which are created after the change. It does not change the permissions of existing files and directories. To understand it more clearly, let’s list all directories again.

umask default file testing

As we can see in the above output, each time we changed the umask setting, it affected the files and directories which were created after the change.
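The experiment above as a script, added here as an example that is not part of the original tutorial: it creates test-file and test-dir under each of the six umask values and compares the real modes with the mode obtained by clearing the umask bits from the initial permission (initial AND NOT umask). That agrees with plain subtraction whenever every umask bit is also set in the initial permission; a file created under umask 111 comes out as 666, because 666 has no execute bits to remove. It assumes Linux with GNU coreutils (stat -c), and the function names are illustrative.

```shell
#!/bin/sh
# Added example, not from the original tutorial. Assumes Linux with GNU
# coreutils (stat -c). It only writes inside a directory made by mktemp -d.

# Mode assigned at creation: initial permission with the umask bits cleared.
masked_mode() {    # $1 = initial permission (666 or 777), $2 = umask
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# Create test-file and test-dir under the given umask and print their real
# modes as "file dir". The subshell keeps the caller's umask untouched.
actual_modes() {   # $1 = umask
    (
        tmp=$(mktemp -d) || exit 1
        umask "$1"
        touch "$tmp/test-file"
        mkdir "$tmp/test-dir"
        f=$(stat -c '%a' "$tmp/test-file")
        d=$(stat -c '%a' "$tmp/test-dir")
        rm -f "$tmp/test-file"
        rmdir "$tmp/test-dir" "$tmp"
        printf '%03o %03o\n' "0$f" "0$d"
    )
}

# Compare prediction and reality for the six umask values used above
# (022 stands in for root's default).
report() {
    for m in 022 777 000 111 222 444; do
        printf 'umask %s  predicted %s %s  actual %s\n' "$m" \
            "$(masked_mode 666 "$m")" "$(masked_mode 777 "$m")" \
            "$(actual_modes "$m")"
    done
}

report
```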

Changing umask values permanently

Linux is a multiuser network operating system where the same shell is accessed by several users. To provide a customized version of the same shell to everyone (user, script or process), a layer is inserted between the actual shell and the end user. In this layer, several configuration files are used to create a user-specific environment. The permanent umask setting is also configured in this layer. Depending on the requirement, the umask setting can be configured at multiple levels. To configure the umask setting correctly, we have to understand how the shell is accessed. A shell can be accessed in two ways: login and non-login.

Login shell

This is the shell environment which a user receives just after login. It provides a customized interface to interact with the system. It takes input commands from the user and displays the result on the standard output device. The command prompt which a user receives just after login is an example of a login shell.

Non-login shell

This is an additional shell interface which a user accesses from a login shell to perform a specific task. Since it is accessed from a login shell, it inherits all customized properties of the parent (logged-in) shell. At the same time, it is a separate shell which allows us to override the default properties. Any terminal which we open in the GUI to execute commands is an example of a non-login shell.

Based on the targeted user and shell access type, the permanent umask setting can be configured in four files.

umask permanent setting config file

| Configuration file | Type of setting | Targeted user | When applied | Shell access type |
| --- | --- | --- | --- | --- |
| /etc/profile | Default setting | All users including root | While user login | Login shell |
| /etc/bashrc | Default setting | All users including root | While user access additional shell | Non-login shell |
| /etc/profile.d/umask.sh | Custom setting | All users including root | While user login and while user access additional shell | Both login shell and non-login shell |
| /home/[user-name]/.bashrc | Custom setting | Individual user | While individual user login and access additional shell | Both login shell and non-login shell |

Custom setting always overrides the default setting. Default setting will be used only if custom setting is not configured.

Let’s take an example to understand how all these work at shell prompt.

Access the shell prompt from user root and create a regular user account.

create normal user linux

Check the default umask setting of user root and user regularuser.

linux umask setting

As we can see in the above output, the default umask setting is 022 and 002 for user root and user regularuser respectively. Let’s figure out which file is used to define this setting.

umask setting config files

By default, the umask setting for the login shell and the non-login shell is the same. To understand which set of umask permissions is used, we have to understand the type of shell.

How we accessed the shell determines which set of umask settings is used.

Did we supply the username and password to access the above shell? No, we accessed this shell from a right click menu.

right click desktop menu linux

Since we did not supply the user name and password to access this shell, it is considered a non-login shell. For a non-login shell, the /etc/bashrc file is used.

Let’s take an example of a login shell. Open two separate consoles (by pressing the Alt+Ctrl+F2 and Alt+Ctrl+F3 key combinations) and log in as user root and user regularuser respectively. Check the umask setting which both users receive.

umask setting testing

How to change the system default umask setting

Switch back to the GUI (by pressing the Alt+Ctrl+F1 key combination) and take a backup of both configuration files.

backup default umask config file

Now change the default umask setting in the /etc/bashrc file as listed below.

For regular user, set it to 444 (old value 002)
For root user, set it to 555 (old value 022)

/etc/bashrc file umask setting

We changed the umask setting in the /etc/bashrc file, which controls the non-login shell. To test where this change is applied, let’s check the umask setting again. The change is not applied in a running terminal; we have to open another terminal for testing. Open another terminal and test the umask setting for both users. Use the su command to switch the user account.

umask setting bashrc file testing

As we can see in the above output, the umask values have been changed.

Tips

The su (switch user) command is used to access a non-login shell. Even though it switches the user account after authenticating the user name and password, it is not considered a login shell. A shell is considered a login shell only when it is accessed through the console (such as a tty prompt or GUI login screen) or through a protocol used for remote login (such as SSH, FTP, etc.).

Since we only changed the /etc/bashrc file, which controls the non-login umask permissions, the umask permissions for the login shell should not be changed.

To confirm it, access two TTY consoles (use the Alt+Ctrl+F4 and Alt+Ctrl+F5 key combinations) and log in as user root and user regularuser.

umask example testing bashrc file

As the above output confirms, umask permissions are not changed for the login shell.

Switch back to the GUI console and update the umask permissions in the /etc/profile file.

For root user set it to 222
For regular user set it to 111

Linux umask setting testing

Log in again as both users (root and regularuser) in their respective consoles and check the default umask permissions.

umask setting testing

As the above output confirms, the umask permissions have been changed. Since this time we changed the file which controls the login shell, a non-login shell should not be affected. To confirm it, switch back to the GUI console and close the opened terminal. Open a new terminal and check the umask permissions for both users again.

umask permission testing

As we can see in the above output, umask permissions in the non-login shell are not changed.

When we changed the /etc/bashrc file, the umask permissions for the non-login shell were changed but the umask permissions for the login shell remained unchanged. In the same way, when we changed the /etc/profile file, the umask permissions for the login shell were changed but the umask permissions for the non-login shell remained unchanged.

How to override default umask setting

If we want to use separate umask permissions for login and non-login shells, we have to update the associated files individually. If we want to use the same umask permissions for both (login shell and non-login shell), we can use the shell override feature. The /etc/profile.d/ directory is used to define the override values. Before we practice with this feature, let’s restore the default configuration files.

restore default backup file

Now create a script file in the /etc/profile.d directory with the desired umask permissions.

umask script file

Close the opened terminal, open a new terminal and check the default umask permissions for both users.

umask setting testing

The above output confirms that the umask permissions for the non-login shell have been updated.

In the console, log out from the logged-in users. Log in again and check the default umask permissions.

umask setting overide testing

As we can see in the above output, the umask permissions for the login shell are also updated.

In the above example we configured the same umask permissions for all users. If required, we can also configure separate umask permissions for the root user and the remaining users.

To configure separate umask values, open two terminals. In the first terminal open the /etc/bashrc file and in the second terminal open the /etc/profile.d/umask.sh file. Remove the umask values which we configured in the previous step from the /etc/profile.d/umask.sh file.

umask setting configuration

Copy the directives which assign the umask setting from the /etc/bashrc file and paste them into the /etc/profile.d/umask.sh file.

umask setting updated

To test the umask setting, configure the following values, save the file and close the terminal.

For root, set it to 456
For remaining users, set it to 123
umask setting configured

Reopen the terminal and test the umask setting for both users.

umask testing gui

Switch to the opened consoles and log out from both users. Log in again and check the umask setting.

umask testing console

Individual umask permissions

A umask setting configured in any /etc/ sub-directory is known as a global umask setting. A global setting affects all users. If we want to configure the umask setting only for a specific user, we have to use the local umask setting. A umask setting configured in the user’s home directory is known as a local umask setting. In the home directory, the .bashrc file is used to configure the local umask setting.

Configuring individual user umask permissions

Before we configure the local umask setting, remove the custom script file which we created in the previous step. Switch to the user’s home directory, open the .bashrc file and add the following line at the end of the file.

umask [values]

Save the file and check the umask setting.

The following figure illustrates the above practice step by step.

umask local setting

Default umask permissions for home directory

When we add a new user, a home directory for that user is also created. If the umask setting in the /etc/login.defs file is configured, the default permissions for the home directory are calculated based on this setting.

Let’s understand it practically.

  • Back up the /etc/login.defs file and open it for editing
  • Update the umask setting and save the file
  • Add a new user and check the default permissions of the home directory
  • Restore the original configuration file

The following figure illustrates the above process step by step.

umask setting login defs

Umask permissions configured in /etc/login.defs apply only to newly created home directories.

Key points
  • If the umask setting is configured in the .bashrc file, the user will always receive the umask setting from this file regardless of the setting configured in other files.
  • If the umask setting is not configured in the .bashrc file, the /etc/profile.d/umask.sh file is used.
  • The file name umask.sh is an indicative name only. You can choose any descriptive name for the script file. The script file must be placed in the /etc/profile.d directory.
  • If the umask setting is configured neither in .bashrc nor in /etc/profile.d/umask.sh, the default configuration files are used.
  • The default configuration files are /etc/profile and /etc/bashrc for the login shell and non-login shell respectively.
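An audit check for the precedence in the key points above, added here as an example that is not part of the original tutorial: it lists every active umask directive in the four locations, reports which file wins, and flags values that leave new files world-writable. The root-prefix argument and the function names are hypothetical helpers, and the sample tree is constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original tutorial.

# Print "file value" for each active umask directive, highest precedence
# first (order taken from the key points). $1 = root prefix (hypothetical
# helper: "" for the live system, or a copy of a tree), $2 = home directory.
umask_directives() {
    for f in "$1$2/.bashrc" "$1"/etc/profile.d/*.sh \
             "$1/etc/profile" "$1/etc/bashrc"; do
        [ -f "$f" ] || continue
        # Lines starting with "umask NNN"; commented-out lines do not match.
        sed -n 's/^[[:space:]]*umask[[:space:]]\{1,\}\([0-7]\{1,4\}\).*/\1/p' "$f" |
        while read -r v; do printf '%s %s\n' "${f#$1}" "$v"; done
    done
}

# The first hit is the file that wins according to the key points.
winning_source() { umask_directives "$1" "$2" | head -n 1; }

# True when the umask leaves the other-write bit (002) unmasked, so new
# files (initial permission 666) are created world-writable.
world_writable() { [ $(( 0$1 & 2 )) -eq 0 ]; }

# Constructed sample tree using values from this tutorial.
demo() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/etc/profile.d" "$t/home/regularuser"
    printf 'umask 022\n' > "$t/etc/profile"
    printf '    umask 444\n' > "$t/etc/bashrc"
    printf '# umask 000\numask 123\n' > "$t/etc/profile.d/umask.sh"
    umask_directives "$t" /home/regularuser | while read -r file v; do
        world_writable "$v" && note=' (new files world-writable)' || note=''
        printf '%s: %s%s\n' "$file" "$v" "$note"
    done
    winning_source "$t" /home/regularuser
    rm -rf "$t"
}

demo
```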
That’s all for this part. In next part of this tutorial we will learn how to configure the special permission in detail with examples.