UMASK NOTES
#############
#############

The umask tells the session what mask to apply to new files and folders. It's calculated in inverse: for files you subtract the umask from 666, for folders you subtract it from 777. Note: there is a special bit, but it's always 0, so never pay attention to it (at least that's the case on my Debian).

umask only changes the umask of the current session (the current PuTTY window), so if you have screen, byobu or tmux with several windows and you set umask in one window/pane, it will only last in the window/pane you set it in. Likewise, umask can only show the umask you have set in the current session.

Commands
=========

To see the umask as the reverse octal bits:

# umask

To see umask in symbolic notation (not inversed):

# umask -S

To set umask with reverse octal bit:

# umask 0xxx

or

# umask xxx

NOTE: if using special bit it can only be 0, see below

Example (a hard one that shows off exceptions on files):
==========================================

# umask 123 
# umask -S 
u=rw,g=rx,o=r 
# umask 
0123

Note: ignore the 0 in the front

Making a file under this condition

# touch file123

To see what a file's permissions will be, just do this math: “6,6,6 - umask = file permissions” (note this formula can be solved for umask: “6,6,6 - file perms = umask”)

6,6,6-1,2,3 = 5,4,3 (meaning -r-xr---wx, first dash for file, then permissions)
So it should be 543, so it will be -r-xr---wx… however you will see that the x bit is removed; some OSes don't allow any files to be made with the execute bit (even if you're root), so if you want the execute bit you will need to chmod afterwards
So our 543 -r-xr---wx will turn to -r--r---w- BUT IN REALITY IT TURNS TO SOMETHING ELSE!!! These exceptions will rock your world and confuse you; this is why it's always good to test how a file is made at the default umask, and if you have a different umask then test to see. Also, the rules are less strict and exceptions don't apply on folders
Note: from now on I will skip using the commas to separate the bits out, unless needed to show something (as you will see below, when negative numbers come out)

# ls -lisah file123
OUTPUT:
271327 0 -rw-r--r-- 1 root root 0 Feb 3 18:12 file123

Making a folder under this condition

# mkdir folder123

With folders we subtract with 777

777-123=654
654 is drw-r-xr-- (d is the first bit because it's a folder)

# ls -lisahd folder123
OUTPUT:
271373 0 drw-r-xr-- 1 root root 0 Feb 3 18:18 folder123

Fewer exceptions with folders, so it makes more sense

To see how the exceptions apply (in Debian 7.2 at least)
===========================================

271469 0 ---------- 1 root root 0 Feb 3 18:32 000 <=== a file/folder with perms 000 will have this (chmoded file)
271477 0 ---x--x--x 1 root root 0 Feb 3 18:33 111 <=== a file/folder with perms 111 will have this (chmoded file)
271447 0 ---x-w--wx 1 root root 0 Feb 3 18:30 123 <=== a file/folder with perms 123 will have this (chmoded file)
271476 0 --w--w--w- 1 root root 0 Feb 3 18:33 222 <=== a file/folder with perms 222 will have this (chmoded file)
271467 0 --wx-wx-wx 1 root root 0 Feb 3 18:32 333 <=== a file/folder with perms 333 will have this (chmoded file)
271468 0 -r--r--r-- 1 root root 0 Feb 3 18:32 444 <=== a file/folder with perms 444 will have this (chmoded file)
271449 0 -r-xr---wx 1 root root 0 Feb 3 18:30 543 <=== a file/folder with perms 543 will have this (chmoded file)
271500 0 -r-xr-xr-x 1 root root 0 Feb 3 18:35 555 <=== a file/folder with perms 555 will have this (chmoded file)
271451 0 -rw-r-xr-- 1 root root 0 Feb 3 18:30 654 <=== a file/folder with perms 654 will have this (chmoded file)
271502 0 -rw-rw-rw- 1 root root 0 Feb 3 18:35 666 <=== a file/folder with perms 666 will have this (chmoded file)
271471 0 -rwxrwxrwx 1 root root 0 Feb 3 18:32 777 <=== a file/folder with perms 777 will have this (chmoded file)
271458 0 drwxrwxrwx 1 root root 0 Feb 3 18:31 d000 <== a directory made with umask 000
271526 0 drw-rw-rw- 1 root root 0 Feb 3 18:39 d111 <== a directory made with umask 111
271443 0 drw-r-xr-- 1 root root 0 Feb 3 18:29 d123 <== a directory made with umask 123
271530 0 dr-xr-xr-x 1 root root 0 Feb 3 18:39 d222 <== a directory made with umask 222
271465 0 dr--r--r-- 1 root root 0 Feb 3 18:32 d333 <== a directory made with umask 333
271482 0 d-wx-wx-wx 1 root root 0 Feb 3 18:33 d444 <== a directory made with umask 444
271486 0 d-w--w--w- 1 root root 0 Feb 3 18:34 d555 <== a directory made with umask 555
271489 0 d--x--x--x 1 root root 0 Feb 3 18:34 d666 <== a directory made with umask 666
271496 0 d--------- 1 root root 0 Feb 3 18:35 d777 <== a directory made with umask 777
271457 0 -rw-rw-rw- 1 root root 0 Feb 3 18:31 f000 <== a file made with umask 000
271527 0 -rw-rw-rw- 1 root root 0 Feb 3 18:39 f111 <== a file made with umask 111
271442 0 -rw-r--r-- 1 root root 0 Feb 3 18:29 f123 <== a file made with umask 123
271533 0 -r--r--r-- 1 root root 0 Feb 3 18:40 f222 <== a file made with umask 222
271464 0 -r--r--r-- 1 root root 0 Feb 3 18:32 f333 <== a file made with umask 333
271481 0 --w--w--w- 1 root root 0 Feb 3 18:33 f444 <== a file made with umask 444
271484 0 --w--w--w- 1 root root 0 Feb 3 18:34 f555 <== a file made with umask 555
271488 0 ---------- 1 root root 0 Feb 3 18:34 f666 <== a file made with umask 666
271497 0 ---------- 1 root root 0 Feb 3 18:35 f777 <== a file made with umask 777

Everything you see with a file name of ### is a file that was made with any umask and then changed to the permission ### with chmod. Note that with chmod, umask has no effect; umask only affects new files. NOTE: I didn't have to make a folder to show you this, and it's fine with just a file, because chmod has the same effect on a file and a folder (unlike umask, which is picky; the point of this whole miniscript and the above output is to show you how it's picky and what to expect)

d### are new directories made in a shell with umask set to ###
f### are new files made in a shell with umask set to ###

To see this on your system try this:

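cd ~
mkdir umask_tests
cd umask_tests
old_umask=$(umask)        # remember the current umask so it can be restored
for i in 000 111 222 333 444 555 666 777; do
    umask ${i}
    touch f${i}           # new file made under umask ${i}
    mkdir d${i}           # new directory made under umask ${i}
    touch ${i}
    chmod ${i} ${i}       # file chmoded to ${i}; octal chmod ignores the umask
done
umask ${old_umask}        # otherwise the shell is left with umask 777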

To see results:

cd ~/umask_tests
ls -lisah

Math rules
===========

777 – folder permission you want = umask to set
777 – umask to set = folder permission you want

666 – file permission you want = umask to set
666 – umask to set = file permission you want

http://www.cyberciti.biz/tips/understanding-linux-unix-umask-value-usage.html

Explain Octal umask Mode 022 And 002
===================================

As I said earlier, if the default settings are not changed, files are created with the access mode 666 and directories with 777. In this example:
1. The default umask 002 is used for normal users. With this mask, default directory permissions are 775 and default file permissions are 664.
2. The default umask for the root user is 022, resulting in default directory permissions of 755 and default file permissions of 644.
3. For directories, the base permissions are (rwxrwxrwx) 0777 and for files they are 0666 (rw-rw-rw-).

in short:
---------
1. A umask of 022 allows only you to write data, but anyone can read data.
2. A umask of 077 is good for a completely private system. No other user can read or write your data if umask is set to 077.
3. A umask of 002 is good when you share data with other users in the same group. Members of your group can create and modify data files; those outside your group can read data files, but cannot modify them. Set your umask to 007 to completely exclude users who are not group members.

Limitations of the umask
------------------------
1. The umask command can restrict permissions.
2. The umask command cannot grant extra permissions beyond what is specified by the program that creates the file or directory. If you need to make permission changes to an existing file, use the chmod command.

One weird example but still follows logic
==========================================

777 – 077 = 700, so that's drwx------
666 – 077 = 6,-1,-1 (-1? what's that? well, just round it up to 0)… so it's just 600, so that's -rw-------

Test:

# umask 077
# mkdir d077
# touch f077

Here is the folder and file permissions in their respective order:

drwx------
-rw-------
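
What the subtraction rule and its “exceptions” above come down to, as an added example (not part of the original notes): the system clears the umask bits from the mode the program requests (requested & ~umask), so 666 with umask 123 gives 644 rather than 543, and 666 with umask 077 gives 600 with no rounding needed. The function names and the scratch directory are illustrative, and a `stat` that supports `-c` is assumed.

```shell
#!/bin/sh
# Added example, not from the original notes. Assumes a stat that supports -c.
# A new object's mode is the requested mode with the umask bits cleared:
#   result = requested & ~umask   (touch requests 666, mkdir requests 777)

# predict_mode REQUESTED UMASK -> three-digit octal result
predict_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# to_symbolic MODE -> nine-character string, e.g. 644 -> rw-r--r--
to_symbolic() (
    m=$(( 0$1 )); out=
    for s in 6 3 0; do
        t=$(( ($m >> $s) & 7 ))
        if [ $(( $t & 4 )) -ne 0 ]; then out="${out}r"; else out="${out}-"; fi
        if [ $(( $t & 2 )) -ne 0 ]; then out="${out}w"; else out="${out}-"; fi
        if [ $(( $t & 1 )) -ne 0 ]; then out="${out}x"; else out="${out}-"; fi
    done
    printf '%s\n' "$out"
)

# observe_mode f|d UMASK -> mode the system really assigns. The body runs in
# a subshell, so the caller's umask is not changed.
observe_mode() (
    dir=$(mktemp -d) || exit 1
    umask "$2"
    if [ "$1" = d ]; then mkdir "$dir/new"; else touch "$dir/new"; fi
    mode=$(stat -c %a "$dir/new"); rc=$?
    chmod 700 "$dir/new" 2>/dev/null; rm -rf "$dir"
    [ "$rc" -eq 0 ] && printf '%03o\n' "0$mode"
)

# Compare prediction with reality for the umasks used in the notes.
for u in 000 111 123 222 333 444 555 666 777 077; do
    for kind in f d; do
        if [ "$kind" = d ]; then req=777; else req=666; fi
        want=$(predict_mode "$req" "$u")
        got=$(observe_mode "$kind" "$u" 2>/dev/null) || got=n/a
        printf 'umask %s %s: predicted %s (%s), observed %s\n' \
            "$u" "$kind" "$want" "$(to_symbolic "$want")" "$got"
    done
done
```

The predicted column reproduces the f### and d### rows of the listing above, because touch never requests the execute bit in the first place.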

To see umasks
===============

Typical umask inverse notation with octal bits

$ umask
0022

Not inverse notation with symbolic notations:

$ umask -S
u=rwx,g=rx,o=rx

Note about the first digit in the 4-digit setting of umask
====================================

The first digit of the umask, which deals with the special bits, must always be 0; if you set it to 1, 2, 3, 4, 5, 6 or 7 it will fail

ERROR MESSAGE LIKE THIS:

umask: 7002: octal number out of range

 

Notes about umask's “range”: whether it will affect the command caller's shell
====================================================

CITATION: http://man.cx/umask(1)

The umask utility shall set the file mode creation mask of the current shell execution environment (see Shell Execution Environment ) to the value specified by the mask operand. This mask shall affect the initial value of the file permission bits of subsequently created files. If umask is called in a subshell or separate utility execution environment, such as one of the following:

(umask 002) 
nohup umask ... 
find . -exec umask ... \;

Exceptions
###########

Excerpt from: http://en.wikipedia.org/wiki/Umask

Note: Many operating systems do not allow a file to be created with execute permissions. In these environments, newly created files will always have execute permission disabled for all users.
The mask is generally only applied to functions that create a new file, however, there are exceptions. For example, when using UNIX and GNU versions of chmod to set the permissions of a file, and symbolic notation is used, and no user is specified, then the mask is applied to the requested permissions before they are applied to the file. For example:

$ umask 0000
$ chmod +rwx filename
$ ls -l filename
-rwxrwxrwx filename
$ umask 0022
$ chmod +rwx filename
$ ls -l filename
-rwxr-xr-x filename

 
