Frequently Asked Question
What is umask and how does it affect the permissions of new files?
umask is a per-process mask of permission bits that the kernel removes from
whatever permissions a program requests when it creates a new file or directory.
Programs typically ask for mode 0666 on files and 0777 on directories; the kernel
then ANDs that against the bitwise complement of your umask to arrive at the
final mode on disk. With the common umask of 022, new files end up rw-r--r--
(0644) and new directories end up rwxr-xr-x (0755).
A more private umask of 077 strips all access from group and others, so new files
are rw------- (0600), sensible on a shared server. A collaborative 002 leaves
group write enabled (rw-rw-r--), which combined with a setgid project directory
lets teammates edit each other's files. The umask is inherited from the shell, so
set it in ~/.bashrc, /etc/profile, or systemd unit files (UMask=) depending
on the context. Note that the umask never grants a bit a program did not ask for;
it can only take bits away.
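
The masking described above can be checked directly. The following is an added example, not part of the original answer: it predicts the mode as requested AND NOT umask, then creates a file, a directory and a mktemp file under several umasks and reads back the real modes. It assumes GNU coreutils (stat -c '%a', and mktemp requesting 0600); the function names effective_mode and created_modes are hypothetical helpers.

```shell
#!/bin/sh
# Added example: how the umask filters the permission bits a program requests.
# Assumptions: GNU coreutils stat and mktemp; helper names are hypothetical.

# effective_mode REQUESTED UMASK
# Prints REQUESTED & ~UMASK in octal, the same arithmetic the kernel applies.
effective_mode() {
    printf '%o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# created_modes UMASK
# Prints "<file> <dir> <mktemp file>" modes as actually created under UMASK.
# The body is a subshell, so the umask change never leaks to the caller.
created_modes() (
    umask "$1"
    dir=$(mktemp -d) || exit 1
    : > "$dir/file"                           # redirection requests 0666
    mkdir "$dir/subdir"                       # mkdir requests 0777
    tmp=$(mktemp "$dir/tmp.XXXXXX") || exit 1 # mktemp requests only 0600
    modes=$(stat -c '%a' "$dir/file" "$dir/subdir" "$tmp")
    rm -rf "$dir"
    # Unquoted on purpose: joins the three lines from stat with spaces.
    echo $modes
)

# Compare prediction and reality for the umasks discussed in the text,
# plus 000 to show that an open umask still grants nothing extra.
for mask in 022 077 002 000; do
    printf 'umask %s: predicted file=%s dir=%s, created (file dir mktemp)=%s\n' \
        "$mask" \
        "$(effective_mode 666 "$mask")" \
        "$(effective_mode 777 "$mask")" \
        "$(created_modes "$mask")"
done
```

Under umask 000 the mktemp file is still 600, because mktemp never requested group or other bits in the first place.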