===================== Umask and Permissions ===================== -IAN! idallen@ncf.ca Every process on Unix (including every shell process) has its own "umask". The default permissions for newly created directories is 777 (rwxrwxrwx) masked by the permission bits set in the umask. (See below for an explanation of Unix numeric permissions "777".) The default permissions for newly created files is 666 (rw-rw-rw-) masked by the permission bits set in the umask. Every bit set in the umask *takes away* that permission from the default permissions for newly created files and directories created by that process. Every process has its own umask; the umask is inherited by child processes. The shell command "umask 022" sets to 022 (----w--w-) the permissions to be removed (masked) from the default permissions, for files and directories created by the shell (and by commands run from that shell). It removes write permission for group and other from newly created directories and files. A new directory would have permissions 777 (rwxrwxrwx) masked by 022 (----w--w-) resulting in 755 (rwxr-wr-x) permissions. A new file would have permissions 666 (rw-rw-rw-) masked by 022 (----w--w-) resulting in 644 (rw-r--r--) permissions. Look for "umask" in some of the following pages for more examples: http://www.ucolick.org/~ksa/manual/level2.html#umask http://www.ebone.at/books/programmers/sonstiges/oreillybookself/unix/upt/ch22_02.htm http://www.cs.arizona.edu/computer.help/policy/DIGITAL_unix/AA-PS2HD-TET1_html/uc6.html#s_umask http://www.acm.uiuc.edu/workshops/security/umask.html http://www.inficad.com/~thurmunit/azunix/lectures/08.shtml http://www.cis.rit.edu/class/simg211/unixintro/Access_Permissions.html http://www.uvm.edu/~hag/wcreate/644.html --------------------------------------- Note on "022"-style numeric permissions --------------------------------------- Unix permissions for user, group, and other have traditionally been expressed using a set of three octal digits, where each digit represents the octal number you get by expressing the three "rwx" permissions in binary form. Convert the on permission bits in "rwx" into binary, then convert the binary number to an octal digit. Examples: octal 7 = binary 111 = rwx octal 6 = binary 110 = rw- octal 5 = binary 101 = r-x octal 4 = binary 100 = r-- octal 3 = binary 011 = -wx octal 2 = binary 010 = -w- octal 1 = binary 001 = --x octal 0 = binary 000 = --- Thus "chmod 741" means "set the mode to 741 (rwxr----x)". That is 7 (rwx) for owner, 4 (r--) for group, and 1 (--x) for others. Shell command "umask 027" means "mask (remove) permissions ----w-rwx" (--- for owner, -w- for group, rwx for others). A new directory created under this umask (e.g. by mkdir) would have permissions 777 masked by 027 = 750 (rwxr-x---). A new file created under this umask (e.g. by output redirection) would have permissions 666 masked by 027 = 640 (rw-r-----).