umask (User File-Creation Mode Mask)

The umask command determines the default permissions for newly created files and directories. It acts as a "mask" that strips away specific permissions from the system's default initial mode.

[Image showing the bitwise transition from 777 to 755 using a 022 mask]

---

1. How it works

The system starts with a default permission: * Files: 666 (rw-rw-rw-) * Directories: 777 (rwxrwxrwx)

Formula: Default Permission AND (NOT umask) = Final Permission

---

2. Practical Examples

① Common Setup: 022

• Directory: 777 - 022 = 755 (rwxr-xr-x)
• File: 666 - 022 = 644 (rw-r--r--)

② Shared Group Setup: 002

• Useful when collaborating in the same group.
• File: 666 - 002 = 664 (rw-rw-r--) -> Group members can also edit.

③ Checking Current Mask

umask     # Output: 0022
umask -S  # Output: u=rwx,g=rx,o=rx

---

3. [Tip] Permanent Configuration

To change your default umask, add the command to your shell profile:

echo "umask 027" >> ~/.bashrc
source ~/.bashrc

This ensures all files created in future sessions follow your security preferences.