1. A very short umask and UNIX history
The umask was created in early UNIX systems because many users forgot to set safe permissions on new files. This caused real problems, since people worked on the same machine and could read or change each other’s files by mistake.
In those days, the system gave new files too many permissions by default. Developers kept forgetting to fix them, and this led to accidents, confusion, and security issues.
Ken Thompson and the UNIX team noticed this pattern and said something simple but powerful:
“If people forget to set permissions, then the system should protect them by default.”
So they added umask as a small safety rule. It removes unsafe permissions before a file or folder is created, protecting users from sloppy habits and keeping the system secure by default.
UNIX was always simple, clear, and secure by default.
2. What is umask?
umask is a simple UNIX rule. It tells the system which permissions to remove when you create a new file or folder.
UNIX does not add permissions. UNIX takes away permissions you don’t want.
That is the whole idea.
3. How umask works
When you make a new file, the system starts with a default:
- files start as 666
- folders start as 777
Then umask removes some permissions.
Example:
```
666 - 022 = 644   # file
777 - 022 = 755   # folder
```
So umask 022 gives you:
- files: 644
- folders: 755
4. Check your current umask
```
root@OF:~ # umask
0022
root@OF:~ #
```
This is the classic UNIX default.
5. Common umask values
| umask | File perms | Folder perms | Meaning |
|---|---|---|---|
| 022 | 644 | 755 | Normal default |
| 027 | 640 | 750 | More secure |
| 077 | 600 | 700 | Private, only you |
| 002 | 664 | 775 | Team/shared work |
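The table can be checked on a real system. The script below is an added example, not code from the original article: it creates a file and a folder under each umask and compares the result with the prediction `requested & ~umask`. The mask clears bits rather than subtracting numbers, which gives the same answer as the subtraction in section 3 for the table values but not for a mask like 033. The function names `mode_of`, `modes_for_umask` and `predict` are chosen for this example.

```shell
#!/bin/sh
# Added example: observe what a umask does to newly created files and folders.

# Print the octal permission bits of a path (GNU stat first, BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Create a file and a folder under the given umask in a scratch directory and
# print "<file-mode> <folder-mode>". The function body is a subshell, so the
# caller's own umask is left unchanged.
modes_for_umask() (
    scratch=$(mktemp -d) || exit 1
    umask "$1"
    : > "$scratch/file"      # shell redirection requests 666
    mkdir "$scratch/dir"     # mkdir requests 777
    result="$(mode_of "$scratch/file") $(mode_of "$scratch/dir")"
    rm -rf "$scratch"
    echo "$result"
)

# Predict the same result without touching the filesystem: requested & ~umask.
predict() {
    printf '%o %o\n' $(( 0666 & ~0$1 )) $(( 0777 & ~0$1 ))
}

# 022, 027, 077 and 002 are the table values; 033 shows where plain
# subtraction (666 - 033 = 633) would give the wrong answer.
for m in 022 027 077 002 033; do
    printf 'umask %s  created: %s  predicted: %s\n' \
        "$m" "$(modes_for_umask "$m")" "$(predict "$m")"
done
```
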
6. Set umask (temporary)
```
root@OF:~ # umask 027
root@OF:~ # umask
0027
root@OF:~ #
```
This works only in the current shell.
7. Set umask (permanent for one user)
Add this line:
umask 027
To one of these files:
- ~/.profile
- ~/.bashrc
- ~/.zshrc
8. System-wide umask
If you want all users to have the same umask, edit:
- /etc/profile
- /etc/login.defs
- sometimes PAM files (depends on the system)
9. The biggest mistake
Many people put umask only in .bashrc.
But:
- SSH
- cron
- sudo
- systemd
…do not always use .bashrc.
So for real defaults, use system-wide files too.
10. When to use umask 077
Use 077 when files must stay private:
- keys
- backups
- logs
- scripts with secrets
This is the safest choice.
11. Summary
umask is simple; it does the following:
- removes permissions
- protects your files
- follows UNIX philosophy: secure by default
Set it once, and your system becomes safer without extra work.
