What is File Mask in Linux?
In Linux, a file mask, often referred to as umask, is a fundamental concept that governs the default permissions assigned to newly created files and directories. These permissions determine who can read, write, or execute the files and directories. Understanding how file masks work is crucial for maintaining the security and access control of your Linux system.
How Does Umask Work?
When a new file or directory is created in Linux, it inherits permissions from the parent directory. A file mask modifies these default permissions to restrict certain access rights. The file mask essentially acts as a filter that blocks specific permissions on new files, ensuring that they don't get overly permissive settings by default.
The umask Command Syntax
The umask command in Linux is used to display and set the file mask for the current shell session. The syntax of the umask command is as follows:
Here, options allow you to customize the output format, and new_mask is an optional argument that lets you set a new file mask value.
Symbolic and Numeric umask Values
The file mask can be represented using either symbolic notation or numeric notation. Both notations achieve the same result but provide different ways of expressing the permissions.
Symbolic Notation
In symbolic notation, the file mask is represented using letters and symbols. The letters u, g, and o stand for "user," "group," and "others", respectively. The symbols +, -, and = are used to "add", "remove", or "set" permissions. The common permissions are represented by r (read), w (write), and x (execute). Understanding these symbols and letters allows you to control and fine-tune the default permissions of newly created files and directories.
For example, the symbolic notation u=rw,g=r,o= means that the user has read and write permissions, the group has read permission, and others have no permissions.
Numeric Notation
In numeric notation, the file mask is represented using a three-digit octal number. Each digit corresponds to the permission bits for user, group, and others, respectively. The numeric values for read, write and execute are 4, 2, and 1, respectively.
For example, a numeric file mask value of 022 means that the default permissions will be 644 for files and 755 for directories. Here, the owner has read and write permissions, and others have read and execute permissions.
How to Calculate Umask Values
To determine the effective permissions applied by the file mask, you need to subtract the desired permissions from a base value. The base value is usually the maximum permission set (777 for directories and 666 for files). The subtraction is done in the following manner:
- For each permission bit (read, write, execute) you want to remove, subtract the corresponding numeric value from the base value.
- The result will be the numeric file mask value.
For example, if you want to prevent group and others from having write and execute permissions, you'd subtract 2+1 = 3 from the base value 777, resulting in a file mask value of 755.
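The calculation carried through in shell, as an added example that is not from the original article (the function names are hypothetical). The kernel clears each bit set in the mask from the mode the program requests (666 for files, 777 for directories), and the example goes beyond the text by printing the result of plain subtraction next to it, since the two differ whenever the mask names a bit the base does not have.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.

# effective_mode BASE MASK
# Clears every bit that is set in MASK from BASE (BASE AND NOT MASK).
# Both arguments are octal strings such as 666 and 022.
effective_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# subtracted_mode BASE MASK
# Plain octal subtraction, shown only for comparison.
subtracted_mode() {
    printf '%03o\n' $(( 0$1 - 0$2 ))
}

# Print both results for a few masks (constructed sample values).
for mask in 022 027 077 033; do
    printf 'umask %s  file: %s (subtraction: %s)  dir: %s\n' \
        "$mask" \
        "$(effective_mode 666 "$mask")" \
        "$(subtracted_mode 666 "$mask")" \
        "$(effective_mode 777 "$mask")"
done
```

With umask 033 the bitwise result for a file is 644, while subtraction yields 633, a mode that would grant write and execute to group and others.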
How to Set and Update the Default Umask Value
In Linux, the default file mask value is set and controlled by the system configuration. However, users can also customize the default file mask for their shell sessions.
Permanently Changing Default Umask
To permanently change the default file mask for all future sessions, you need to modify the system-wide configuration file located at /etc/profile or /etc/login.defs. The exact method may vary depending on the Linux distribution.
- Open the chosen configuration file in a text editor with administrative privileges (e.g., sudo nano /etc/profile).
- Look for the line that sets the default umask value (usually using the umask command).
- Modify the default umask value to your desired value.
- Save the file and exit the text editor.
Changing Umask for Current Session
To change the file mask for the current shell session, you can use the umask command without any options followed by the desired new mask value. For example, to set the file mask to 027, you'd type:
This change will only apply to the current session and its child processes.
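The session-scoped change described above, as an added example that is not part of the original article: a hypothetical helper, perms_under, sets the mask inside a subshell, creates a file and a directory in a scratch directory, and reports the permissions that ls shows. The symbolic value u=rwx,g=rx,o= is chosen here as the equivalent of 027.

```shell
#!/bin/sh
# Added example, not from the original article. perms_under is a hypothetical helper.

# perms_under MASK
# Prints "<file perms> <dir perms>" as ls -l shows them for a file and a
# directory created under MASK. MASK may be numeric (027) or symbolic.
# The parentheses run the body in a subshell, so the caller's umask is untouched.
perms_under() {
    (
        umask "$1" || exit 1
        work=$(mktemp -d) || exit 1      # scratch directory, removed below
        touch "$work/file"               # touch requests mode 666
        mkdir "$work/dir"                # mkdir requests mode 777
        f=$(ls -ld "$work/file" | cut -c1-10)
        d=$(ls -ld "$work/dir" | cut -c1-10)
        rm -rf "$work"
        printf '%s %s\n' "$f" "$d"
    )
}

before=$(umask)
echo "umask 027:           $(perms_under 027)"
echo "umask u=rwx,g=rx,o=: $(perms_under u=rwx,g=rx,o=)"
echo "umask 022:           $(perms_under 022)"

# The mask set inside the subshell never reaches the calling shell.
if [ "$(umask)" = "$before" ]; then
    echo "calling shell still has umask $before"
fi
```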
Temporarily Suppressing Default Umask
Sometimes, you may need to temporarily suppress the default umask value to ensure that a file or directory is created without any restrictions. In such cases, you can use the umask command with the --no-signal option:
This sets the umask value to 000, effectively allowing full permissions for all.
Setting Up a Symbolic Umask Value
To set up a symbolic umask value, you can use the umask command with the symbolic notation. For example, to have the umask u=rwx,g=rw,o=, meaning files have permissions 644 and directories have permissions 755, you'd use the following command:
This command will update the umask for the current session accordingly.
Setting Up a Numeric Umask Value
To set up a numeric umask value, you can use the umask command with the numeric notation. For instance, if you want the umask to be 027, restricting group and others' write and execute permissions, you'd use the following command:
Conclusion
- The file mask (umask) in Linux plays a vital role in determining the default permissions for newly created files and directories.
- It acts as a safeguard to prevent unintentionally permissive settings on files and thus enhances the security of your system.
- The file mask modifies the default permissions that are inherited from the parent directory to restrict certain access rights.
- The file mask can be represented using either symbolic notation or numeric notation. Both notations achieve the same result but provide different ways of expressing the permissions.
- In symbolic notation, the file mask is represented using letters and symbols. In numeric notation, the file mask is represented using a three-digit octal number.
- For example, a numeric file mask value of 022 means that the default permissions will be 644 for files and 755 for directories.