umask is a handy little unix command that sets the default file permissions for all newly created files and directories. I was recently (in 2003, that is) horrified to learn that the textbook I'm using for my basic Linux administration class doesn't even bother to show an example of how it works. Without examples, how are people supposed to figure it out?

This little blurb assumes that you understand the numeric mode of file permissions. That is, if someone tells you to make sure a file has permission 644, you'd be able to do that.

New directories have a default permission of 777, and files have a default permission of 666. Since that's a little over-permissive (really, do you want every user on the system to have read AND write permission on all your files?), we need a way to make sure that we aren't giving away the world.

Conveniently, the umask command comes to the rescue. Basically, the umask command says 'hey, when I create files, automatically run a chmod on them.' What happens is this: When a new file is created, the umask is subtracted from the permissions.

Let's say we have a umask of 022 (which happens to be standard on most Linux distributions these days). When we create new directories, they end up with permissions of 755 (777 - 022 = 755). When we create new files, on the other hand, they end up with default permissions of 644 (666 - 022 = 644).

If this still isn't clear, let's try setting a more secure umask -- 027. We do this by issuing the command umask 027. Now, newly created directories have permissions 750 (777 - 027 = 750), and newly created files will have 640 (666 - 027 = 640). Hold on, you say, since when can a person subtract 7 from six, and end up with zero? Well, this isn't full-bore math we're talking about here. This is just permissions math, where we can't really have negative numbers

umask is a powerful little command, and it is typically run when the user logs in to the system, in the /etc/profile shell script. Your system may be mildly different, but this is the normal behavior for Fedora, Redhat, Mandrake and Mandriva. I cannot speak as to SuSE (which is German, for 'evil'.) or Debian (which is Esperanto for 'pedantic').

This was written by Jeremy Anderson, and is covered by the Gnu Free Documentation License, available at That is, I keep the copyright, you can pretty much use it.