Posted on 02/27/2019 3:25:59 AM PST by ShadowAce
Return, or set, the value of the system's file mode creation mask.
On Linux and other Unix-like operating systems, new files are created with a default set of permissions. Specifically, a new file's permissions may be restricted in a specific way by applying a permissions "mask" called the umask. The umask command is used to set this mask, or to show you its current value.
umask [-S] [mask]
| -S | Accept a symbolic representation of a mask, or return one. |
| mask | If a valid mask is specified, the umask is set to this value. If no mask is specified, the current umask value is returned. |
As you may know, each file on your system has associated with it a set of permissions that are used to protect files: a file's permissions determine which users may access that file, and what type of access they have to it.
There are three general classes of users:
In turn, for each of these classes of user, there are three types of file access:
So, for each of the three classes of user, there are three types of access. Taken together, this information makes up the file's permissions.
There are two ways to represent a file's permissions: symbolically (using symbols like "r" for read, "w" for write, and "x" for execute) or with an octal numeric value.
For example, when you list the contents of a directory at the command line using the ls command as follows:
ls -l
you will see (among other information) the file permission information for each file. Here, it is represented symbolically, which will look like the following example:
-rwxr-xr--
There are ten symbols here. The first dash ("-") means that this is a "regular" file, in other words, not a directory (or a device, or any other special kind of file). The remaining nine symbols represent the permissions: rwxr-xr--. These nine symbols are actually three sets of three symbols each, and represent the respective specific permissions, from left to right:
| symbols | meaning |
|---|---|
| rwx | the file's owner may read, write, or execute this file as a process on the system. |
| r-x | anyone in the file's group may read or execute this file, but not write to it. |
| r-- | anyone at all may read this file, but not write to it or execute its contents as a process. |
The general symbolic form of a mask is as follows:
[user class symbol(s)][permissions operator][permission symbol(s)][,]...
permission symbol is any combination of r (read), w (write), or x (execute), as described above.
user class symbol may be one or more of the following:
| u | User (the owner of the file) |
| g | Group (any member of the file's defined group) |
| o | Other (anyone else) |
| a | All (equivalent to ugo) |
permissions operator may be one of the following:
| + | allow the specified file permissions to be enabled for the specified user classes (permissions that are not specified are unchanged in the mask) |
| - | prohibit the specified file permissions from being enabled for the specified user classes (permissions that are not specified are unchanged in the mask) |
| = | allow the specified file permissions to be enabled for the specified user classes (permissions not specified will be prohibited by the mask during file creation) |
So, for example, the following umask command:
umask u+w
sets the mask so that when files are created, they will have permissions which allow write permission for the user (file owner). The rest of the file's permissions would be unchanged from the operating system default.
Multiple changes can be specified by separating multiple sets of symbolic notation with commas (but not spaces!). For example:
umask u-x,g=r,o+w
This command will set the mask so that when subsequent files are created, they will have permissions that:
Note that if you use the equals operator ("="), any permissions not specified will be specifically prohibited. For example, the command
umask a=
Will set the file creation mask so that new files are inaccessible to everyone.
The file creation mask can also be represented numerically, using octal values (the digits from 0 to 7). When using octal numeric representation, certain numbers represent certain permissions, and these numbers are added or subtracted from each other to represent the final, combined permissions value. Specifically, the numbers 1, 2, and 4 represent the following permissions:
| number | permission |
|---|---|
| 4 | read |
| 2 | write |
| 1 | execute |
These numbers are used because any combination of these three numbers will be unique. The following table illustrates their unique combinations:
| read value + | write value + | execute value = | combined value: | symbolic equivalent: |
|---|---|---|---|---|
| 0 | 0 | 0 | 0 | |
| 0 | 0 | 1 | 1 | x |
| 0 | 2 | 0 | 2 | w |
| 0 | 2 | 1 | 3 | wx |
| 4 | 0 | 0 | 4 | r |
| 4 | 0 | 1 | 5 | rx |
| 4 | 2 | 0 | 6 | rw |
| 4 | 2 | 1 | 7 | rwx |
For each class of user, one digit can be used to represent their permissions; using the example above, we could represent the symbolic permission of rwxr-xr-- using the three-digit octal number 754. The order of the digits is always the same: User, Group, Other.
In octal representations of file permissions, there are actually four digits. The three important digits we've discussed are the last three digits. The first digit is a special file permission indicator, and for the purposes of this discussion can be considered always to be zero. So from here on out, when we discuss file permission 777, it may also be referred to as 0777.
The umask masks permissions by restricting them by a certain value.
Essentially, each digit of the umask is "subtracted" from the OS's default value to arrive at the default value that you define. It's not really subtraction; technically, the mask is negated (its bitwise compliment is taken) and this value is then applied to the default permissions using a logical AND operation. The result is that the umask tells the operating system which permission bits to "turn off" when it creates a file. So it's not really subtraction, but it's a similar concept, and thinking of it as subtraction can help to understand it.
In Linux, the default permissions value is 666 for a regular file, and 777 for a directory. When creating a new file or directory, the kernel takes this default value, "subtracts" the umask value, and gives the new files the resulting permissions.
This table shows how each digit of the umask value affects new file and directory permissions:
| umask digit | default file permissions | default directory permissions |
|---|---|---|
| 0 | rw | rwx |
| 1 | rw | rw |
| 2 | r | rx |
| 3 | r | r |
| 4 | w | wx |
| 5 | w | w |
| 6 | x | x |
| 7 | (no permission allowed) | (no permission allowed) |
So if our umask value is 022, then any new files will, by default, have the permissions 644 (666 - 022). Likewise, any new directories will, by default, be created with the permissions 755 (777 - 022).
To view your system's current umask value, enter the command:
umask
which will return your system's umask as a four-digit octal number, for example:
0002
Again, the first zero is a special permission digit and can be ignored; for our purposes, 0002 is the same as 002.
To view this as a symbolic representation, use the -S flag:
umask -S
Which will return the same value symbolically, for example:
u=rwx,g=rwx,o=rx
where u stands for user, g stands for group, and o stands for other. This is telling us the So if we create a new file, it will have the default permissions 664, which is 666 (the default permissions for files) masked by 002 (our umask value).
Let's test this by creating a new file with the touch command:
touch testfile
And now let's get a directory listing for that file:
ls -l testfile
-rw-rw-r-- 1 myusername myusername 0 Jan 7 14:29 testfile
As expected, the new file has permissions -rw-rw-r--, or 0664: The owner and group may read or write the file, and others may only read it.
Now let's change the umask. To set a umask of 022, use the command:
umask 022
This is the same as running umask 0022; if you specify only three digits, the first digit will be assumed to be zero. Let's verify that the change took place:
umask
0022
And now let's create a new file:
touch testfile2
And now let's view its directory listing, along with the first file we created, using the asterisk wildcard ("*") to view all files whose name start with "testfile":
ls -l testfile*
-rw-rw-r-- 1 myusername myusername 0 Jan 7 14:29 testfile -rw-r--r-- 1 myusername myusername 0 Jan 7 14:39 testfile2
As you can see, testfile2 has the permissions 644.
Here are some other example umask commands:
umask a+r
Sets the mask so that new files will allow all users to read them; other permissions will be unchanged from the default.
umask a-x
Sets the mask so that new files will not initially be executable by any user; other default permissions unchanged from defaults.
umask u=rw,go=
Sets the mask so that new files will be readable and writable by the user who owns the file, but may not be executed; group members and others will have no permissions to access the file.
umask 777
Make new files inaccessible to everyone - no one can read, write, or execute them.
umask 000
Make new files completely accessible (read, write, and execute) to absolutely everyone. However, this is a bad idea. Don't do this.
Oh brother.
BTW: Unix was developed at Bell Labs in New Jersey.
Sorry.
And I just did it again in another post. smh
What a nice display of grace! I'm going to hit the shower, head into the office and carry that example with me today. :-)
Thanks for the additional info.
AT&T and Berkley Computer Science Dept were early UNIX collaborators.
The earliest distributions of Unix from Bell Labs in the 1970s included the source code to the operating system, allowing researchers at universities to modify and extend Unix. The operating system arrived at Berkeley in 1974, at the request of computer science professor Bob Fabry who had been on the program committee for the Symposium on Operating Systems Principles where Unix was first presented.
How do these Linux threads relate to a free republic?
Did reddit kick you off there?
Correct. Brian Kernighan, Dennis M. Ritchie and Ken Thompson were the principle designers.
AT&T, because of its monopoly in the communications industry, was forbidden by the Governments antitrust legislation from competing in the computer industry to this day and even after the break up of AT&T.
Virtually every major innovative advancement in computers science was developed on Unix platforms at the Palo Alto Research Center, AT&T Bell Labs, University of California Berkeley, Massachusetts Institute of Technology and at the National Security Agency.
UNIX was becoming the defacto Operating System Standard in industry and government throughout the 80’s. The variations in the kernel of the Operating system and differences in the set of commands and their command line arguments however was causing problems with application portability, so the Federal Government mandated the POSIX ( portable operating system ) Application Programmers Interface (API) standard.
All work on Graphical User Interface design at Universities across the country was essential put on hold until all UNIX systems became compliant with the POSIX standard for the Military which had gone into Unix big time.
Graphical User Interfaces existed on UNIX platforms long before Apple and Windows sold them to the public. In fact Apple’s interface was inspired by a field trip by Steve Jobs and the Woz to PARC. (Apples major contribution was the clipping algorithm for efficient GUI interface refreshing ) I was working on a MIT X11 windowing based system several years before they appeared on the first Macintosh’s and MS Windows Version 1 systems.
In the mean time, Microsoft and Apple continued with its one size fits all GUI design and wrote a piece of crap POSIX library that someone in .gov must have been paid off with stock options to certify as POSIX compliant.
The government, because of costs and a standardized set of Office software that people had become use too while UNIX was screwing with the .gov mandated POSIX standard ended up handing Microsoft control of the Desk top market. UNIX has been relegated to the back-end server market as a result.
Until Microsoft’s development tools caught up with UNIX, most MS software was developed on UNIX workstations! Microsoft’s development platform was also split into a set of API interfaces for internal development by Microsoft developers only and another set for sale to non-microsoft developers. ( Proven in court ).
The non-Microsoft developer API’s were by design buggy which gave Microsoft a monopoly on developing products that caused fewer Blue Screens of Death.
For years I could write a simple Perl Script that sent a malformed UDP broadcast packet across the Local Network and Blue Screened every Microsoft product in the Office.
I spent 33 years in the IT industry and can proudly say I never had Windows Platform on my desk for anything other than mandate MS-word documents and to test the portability of stuff I worked on.
In the same way that every other special interest group (SIG) relates. Do you complain about the music threads? The humor threads? The food threads?
To answer a little better--Linux is open source. It givves the user (us) the ability to run our computers as we see fit--not as a giant corporation thinks we should. It enables our freedom, not restricts it.
It provides complete transparency into the tools we use to communicate with each other, and doesn't try to hide any means of spying or control within the computers we all use.
It gives us some insight into the platform that FreeRepublic is based on, so we can try (if we are interested) to see how complicated John's job is at maintaining and running this site.
It allows people of similar interests to gather together to discuss a mutually interesting topic, which (last time I checked) was pretty much the basis for Free Speech.
Usally people have self control. I guess you don’t. You never have actually. NO one gives a care about Apple.
Of course, Windows admin'ing isn't boring either, but IMO, not as much fun. :-)
Amen
( Pardon me if my comment belongs in the Religion thread ) (LOL)
The only thing my company-mandated windows desktop does on my desk is run my Linux VM.
“the basis for Free Speech. “
So you disagree with Jim Robinson about banning liberal trolls from FR because that would violate their free speech? Good to know.
I started on AT&T UNIX 3 in the Late 70’s and early 80’s.
Did my graduate work on UCB Berkeley systems on VAX 11/780’s and on AT&T 3b220’s because they gave them to us.
My machine was one of the first 100 on the ARPANET ( todays internet ).
We worked on and BETA tested the first versions of Domain Name Services (DNS) to replace hand editing the hosts file from Unix-to-Unix Copy Protocol (UUCP) based mail updates for new hosts in the hosts file.
I’ve been retired for 4 years now.
It's actually pretty easy.
The WiFi where I am would never support a bot.
Yep these machines are the beast. smile.
You need not strain your brain with Linux now. My first install was in 1994, UMSDOS version of Slackware on a DOS machine. All set up in command line, but smooth as silk and fast as a flushing quail. It was super stable.
Now Linux will run on about anything. Old slow machines work well if you pick a light distribution. They are simply fun and you don’t need to understand what is under the hood. And it is easier to install (normally) than a Windows install. It is not encumbered by all the legal nonsense.
Try it, you might actually like it. smile.
Really, it is no longer just a coder’s tool.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.