Permissions for new files in Linux
When you run mkdir or create files as your user, the new folder or file gets permissions that depend on the current umask value.
You can check your current umask with:
$ umask
0022
You can calculate the resulting permissions, e.g. using Python.
Assume that the current umask is XXXX.
Result permissions for new folders:
python -c "print(oct(0o777 & ~0oXXXX))"
Result permissions for new files:
python -c "print(oct(0o666 & ~0oXXXX))"
These formulas are used by most processes that create files (e.g. touch, mkdir), but you should know that they are not guaranteed in a very few cases. Why? Read the last part of this tip.
Example
Assume that the current umask is 0022; it is a common default value when you add users in many distributions.
~ $ # check current umask
~ $ umask
0022
~ $
~ $ # Calculate what permissions will be assigned for new folders
~ $ python -c "print(oct(0o777 & ~0o0022))"
0755
~ $
~ $ # Create folders for check
~ $ mkdir check1
~ $
~ $ # Check permissions
~ $ ls -la check1
drwxr-xr-x+ 1 user user 0 Dec 18 00:06 .
drwxr-xr-x+ 1 user user 0 Dec 18 00:06 ..
~ $ # yes rwxr-xr-x is 755
~ $
~ $ # calculate permissions for new files and test in same way
~ $ python -c "print(oct(0o666 & ~0o0022))"
0644
~ $ touch check2
~ $ ls -la check2
-rw-r--r-- 1 user user 0 Dec 18 00:07 check2
You can also check folder permissions for the current umask in an easier way:
$ umask -S
u=rwx,g=rx,o=rx
You can assume that new file permission is always new folder permission but without x, if x is present in the folder permissions.
How to change umask
Now you know how to calculate the resulting permissions for a defined umask.
You can use the following to adjust folder permissions:
~$ # allow write by default for members of the group that the folder/file belongs to
~$ umask g+w
~$
~$ # disable write for owner, set group for read only and add read for others
~$ umask u-w,g=r,o+r
You can assume that new file permission will always be the same as new folder permission but without x.
To store changes permanently, write the umask ... command in ~/.bashrc.
Thinking, analyzing, a conclusion
- Actually, when the permission of a new file is calculated, the system does a kind of logical bitwise subtraction of umask from the default process permission, which is 666 for files. (This value depends on the process which creates the file, e.g. touch, mkdir, git when you git pull, etc., and 666 is the POSIX standard.)
- Likewise, when the permission for a new folder is calculated, umask is subtracted from another value, which is 777 according to the POSIX standard.
- Using logical subtraction means that umask can only restrict (remove) permissions from the default, and can't add any.
- The above point means that we can't use umask to add execute permissions for files, because 666 is the "maximum" for them.
- For the default POSIX process modes (666 and 777), new file permission is always new folder permission without x. This helps a lot to understand what the permissions will be when you see umask -S or when you change umask using +, -, =.
- You can assume and expect that most processes, even non-unix, third-party ones like git, will follow the POSIX standard and use 666 and 777. BUT you should also know that any custom process can change this rule by passing a custom mode to a function that works with the file (e.g. open, creat or mkdir).
- The actual formula of logical subtraction is:
PROCESS_FILE_MODE = oct_666
FILE_PERM = PROCESS_FILE_MODE AND (NOT UMASK)
PROCESS_DIR_MODE = oct_777
DIR_PERM = PROCESS_DIR_MODE AND (NOT UMASK)
- Possibly the name umask means that it is a user mask, so it is specific to a certain user.
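The points above about custom modes, as an added example that is not part of the original tip: a Python 3 script that creates a file and a folder under a chosen umask with a chosen requested mode, then reads back the permissions that were actually assigned. The names expected, created_modes and demo are made up for this illustration; it assumes Linux and a temp directory without a default ACL.

```python
import os
import stat
import tempfile

def expected(requested_mode, umask):
    """The tip's formula: requested mode AND (NOT umask)."""
    return requested_mode & ~umask & 0o777

def created_modes(umask, file_mode=0o666, dir_mode=0o777):
    """Create a file and a directory under `umask`, passing the given modes
    to open(2)/mkdir(2), and return the permission bits actually assigned."""
    # The scratch dir is made before the mask changes so it stays writable.
    # Assumption: it has no default ACL (a default ACL replaces the umask).
    with tempfile.TemporaryDirectory() as tmp:
        old = os.umask(umask)  # process-wide; returns the previous mask
        try:
            fpath = os.path.join(tmp, "f")
            dpath = os.path.join(tmp, "d")
            fd = os.open(fpath, os.O_CREAT | os.O_EXCL | os.O_WRONLY, file_mode)
            os.close(fd)
            os.mkdir(dpath, dir_mode)
            return (stat.S_IMODE(os.stat(fpath).st_mode),
                    stat.S_IMODE(os.stat(dpath).st_mode))
        finally:
            os.umask(old)  # always restore the caller's mask

def demo():
    # Constructed cases: (umask, mode the process requests for the file, note)
    cases = [
        (0o022, 0o666, "default mode, like touch"),
        (0o022, 0o600, "process asks for owner-only (secrets file)"),
        (0o022, 0o777, "process asks for rwx on a file"),
        (0o000, 0o600, "permissive umask cannot widen a strict request"),
        (0o077, 0o666, "strict umask narrows the default"),
    ]
    rows = []
    for umask, mode, note in cases:
        got, _ = created_modes(umask, file_mode=mode)
        rows.append((umask, mode, got, got == expected(mode, umask), note))
    return rows

if __name__ == "__main__":
    for umask, mode, got, ok, note in demo():
        print(f"umask {umask:04o}  requested {mode:04o}  ->  {got:04o}  "
              f"formula holds: {ok}  ({note})")
```

The 0600 case is the one to rely on for sensitive files: requesting the strict mode at creation time gives owner-only permissions whatever umask the process inherited.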