Glossary

umask

The umask ("user mask") is a per-process bitmask that strips bits from the default permissions of newly created files and directories. When a program creates a file with mode 0666 (rw-rw-rw-) and the umask is 022, the resulting file has 0644 (rw-r--r--)—the umask bits are cleared. Directories start at 0777 and are similarly masked.

umask                           # show current (usually 0022)
umask 0077                      # new files visible only to owner
umask 0002                      # group writable (for group projects)

Typical values are 022 for ordinary systems (world-readable defaults) and 077 for privacy-conscious setups. Setting umask in ~/.bashrc or /etc/profile changes it for all shell-launched processes; for systemd services, UMask= in the unit file does the equivalent.

Most users never set umask explicitly, relying on the distribution default. It becomes important when creating files in shared directories: a umask of 002 combined with a setgid directory lets a group of users read and write each other's files without fussing with chmod on each new file.
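The masking rule and the shared-directory case above, as an added example that is not part of the original glossary entry. It assumes Linux with GNU coreutils (stat -c, mktemp -d); the function names and the 033 test value are constructed for illustration. The 033 case shows that the mask clears bits rather than subtracting: 0666 under 033 yields 644, not 633.

```shell
#!/bin/sh
# Added example; assumes Linux with GNU coreutils (stat -c, mktemp -d).

# masked_mode REQUESTED MASK: the rule from the entry, requested AND NOT mask.
masked_mode() {
    printf '%o\n' $(( 0$1 & ~0$2 ))
}

# created_mode MASK file|dir: create a real object under MASK in a scratch
# directory and print its octal mode. The ( ) body is a subshell, so the
# caller's own umask is left alone.
created_mode() (
    d=$(mktemp -d) || exit 1
    umask "$1"
    case $2 in
        file) : > "$d/new" ;;     # shell redirection requests 0666
        dir)  mkdir "$d/new" ;;   # mkdir requests 0777
    esac
    m=$(stat -c %a "$d/new")
    rm -rf "$d"
    printf '%s\n' "$m"
)

# shared_file_check: the shared-directory case. A scratch directory is made
# setgid, then a file is created under umask 002.
# Prints "<mode> <same-group|other-group>" (file group vs. directory group).
shared_file_check() (
    d=$(mktemp -d) || exit 1
    chmod 2775 "$d"
    umask 002
    : > "$d/report"
    m=$(stat -c %a "$d/report")
    g=other-group
    [ "$(stat -c %g "$d/report")" = "$(stat -c %g "$d")" ] && g=same-group
    rm -rf "$d"
    printf '%s %s\n' "$m" "$g"
)

# Compare what the kernel produced with what the rule predicts.
for mask in 022 077 002 033; do
    printf 'umask %s: file %s (computed %s), dir %s (computed %s)\n' "$mask" \
        "$(created_mode "$mask" file)" "$(masked_mode 666 "$mask")" \
        "$(created_mode "$mask" dir)"  "$(masked_mode 777 "$mask")"
done
echo "setgid dir + umask 002: $(shared_file_check)"
```

Because the shell requests 0666 for new files, no umask value makes a redirected file executable; programs that request a narrower mode, such as 0600, keep it regardless of a permissive umask.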

Related terms: chmod, setgid

Also defined in: Textbook of Linux