umask is a command that determines the settings of a mask that controls how file permissions are set for newly created files.
The mask is stored as a group of bits. It may be represented as binary, octal or symbolic notation. The umask command allows the mask to be set as octal (e.g. 0754) or symbolic (e.g. u=,g=w,o=wx) notation.
$ umask # display current value (as octal)
0022
$ umask -S # display current value symbolically
u=rwx,g=rx,o=rx
$ umask 007 # set the mask to 007
$ umask # display the mask (in octal)
0007 # 0 - special permissions (setuid | setgid | sticky )
# 0 - (u)ser/owner part of mask
# 0 - (g)roup part of mask
# 7 - (o)thers/not-in-group part of mask
$ umask -S # display the mask symbolically
u=rwx,g=rwx,o=
Letter | Class | Description |
u | user | the owner |
g | group | users who are members of the file's group |
o | others | users who are not the owner of the file or members of the group |
a | all | all three of the above, the same as ugo. (The default if no user-class-letters are specified in the maskExpression.) |
- The operator specifies how the permission modes of the mask should be adjusted.
Operator | Effect on the mask |
+ | permissions specified are enabled, permissions that are not specified are unchanged. |
- | permissions specified are prohibited from being enabled, permissions that are not specified are unchanged. |
= | permissions specified are enabled, permissions that are not specified are prohibited from being enabled. |
- The permission-symbols indicate which file permission settings are to be allowed or prohibited by the mask.
Symbol | Name | Description |
r | read | read a file or list a directory's contents |
w | write | write to a file or directory |
x | execute | execute a file or recurse a directory tree |
X | special execute | See Symbolic modes. |
s | setuid/gid | See File permissions. |
t | sticky | See File permissions. |
Command line examples
Here are more examples of using the umask command to change the mask.
umask command issued | How the mask will affect permissions of subsequently created files/directories |
umask a+r | allows read permission to be enabled for all user classes; the rest of the mask bits are unchanged |
umask a-x | prohibits enabling execute permission for all user classes; the rest of the mask bits are unchanged |
umask a+rw | allows read or write permission to be enabled for all user classes; the rest of the mask bits are unchanged |
umask +rwx | allows read, write or execute permission to be enabled for all user classes; (Note: On some UNIX platforms, this will restore the mask to a default.) |
umask u=rw,go= | allow read and write permission to be enabled for the owner, while prohibiting execute permission from being enabled for the owner; prohibit enabling any permissions for the group and others |
umask u+w,go-w | allow write permission to be enabled for the owner; prohibit write permission from being enabled for the group and others |
umask -S | display the current umask in symbolic notation |
umask 777 | disallow read, write, and execute permission for all (probably not useful because even owner cannot read files created with this mask!) |
umask 000 | allow read, write, and execute permission for all (potential security risk) |
umask 077 | allow read, write, and execute permission for the file's owner, but prohibit read, write, and execute permission for everyone else |
umask 113 | allow read or write permission to be enabled for the owner and the group, but not execute permission; allow read permission to be enabled for others, but not write or execute permission |
umask 0755 | equivalent to u-rwx (4+2+1),go=w (4+1 & 4+1). (The 0 specifies that special modes may be enabled if allowed by the OS.) |
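The octal masks from the table above, checked against real files and directories. This is an added example, not part of the original page. It assumes that touch requests mode 0666 and mkdir requests 0777, and the function names are illustrative.

```sh
#!/bin/sh
# Added example (not from the original page). Assumes touch asks for mode 0666
# and mkdir for 0777; the kernel then clears every bit that is set in the umask.

# effective_mode MASK REQUESTED -> REQUESTED & ~MASK, printed as 3 octal digits
effective_mode() {
    printf '%03o\n' $(( 0$2 & ~0$1 & 0777 ))
}

# mode_of PATH -> permission bits in octal (GNU stat first, BSD stat as fallback)
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# created_mode MASK file|dir -> create an object under MASK, print its real mode.
# The body runs in a subshell, so the caller's umask is left untouched.
created_mode() (
    tmp=$(mktemp -d) || exit 1
    umask "$1"
    if [ "$2" = dir ]; then mkdir "$tmp/new"; else touch "$tmp/new"; fi
    printf '%03o\n' "0$(mode_of "$tmp/new")"
    chmod u+rwx "$tmp/new"      # make sure cleanup works even for umask 777
    rm -rf "$tmp"
)

# writable_by_others MASK -> exit 0 if new files get group or other write permission
writable_by_others() {
    [ $(( 0$(effective_mode "$1" 666) & 022 )) -ne 0 ]
}

# Masks taken from the examples on this page
for m in 000 022 007 077 113; do
    note=''
    writable_by_others "$m" && note=' <- new files writable by group/others'
    printf 'umask %s  file %s (actual %s)  dir %s (actual %s)%s\n' "$m" \
        "$(effective_mode "$m" 666)" "$(created_mode "$m" file)" \
        "$(effective_mode "$m" 777)" "$(created_mode "$m" dir)" "$note"
done
```

The predicted and actual columns agree because the mask only removes bits from what the creating program requests; it never adds any, which is why a file created under umask 000 still has no execute bit.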