umask(1)

NAME

umask — set or display the file mode creation mask

SYNOPSIS

Set Mask

umask mask

Display Mask

umask [-S]

DESCRIPTION

The umask command sets the value of the file mode creation mask or displays the current one. The mask affects the initial value of the file mode (permission) bits for subsequently created files.

Setting the File Mode Creation Mask

The umask mask command sets a new file mode creation mask for the current shell execution environment. mask can be a symbolic or numeric (obsolescent) value.

A symbolic mask provides a flexible way of modifying the mask permission bits individually or as a group. A numeric mask specifies all the permission bits at one time.

When a mask is specified, no output is written to standard output.

Symbolic Mask Value

A symbolic mask replaces or modifies the current file mode creation mask. It is specified as a comma-separated list of operations in the following format. Whitespace is not permitted.

[who][operator][permissions][, ...]

The fields can have the following values:

who

One or more of the following letters:

u: Modify permissions for user (owner).
g: Modify permissions for group.
o: Modify permissions for others.

Or:

a: Modify permissions for all (a = ugo).

operator

One of the following symbols:

+: Add permissions to the existing mask for who.
-: Delete permissions from the existing mask for who.
=: Replace the existing mask for who with permissions.

permissions

One or more of the following letters:

r: The read permission.
w: The write permission.
x: The execute/search permission.

If one or two of the fields are omitted, the following table applies:

`Format Entered`	`Effect`	`Input`	`Equals`
`who`	Delete current permissions for `who`	`g`	`g=`
`operator`	No action	`-`	(none)
`permissions`	Equal to: `a+permissions`	`rw`	`a+rw`
`who=`	Delete current permissions for `who`	`u=`	`u=`
`who+`	No action	`u+`	(none)
`who-`	No action	`u-`	(none)
`whopermissions`	Equal to: `who=permissions`	`ux`	`u=x`
`operatorpermissions`	Equal to: `aoperatorpermissions`	`-rw`	`a-rw`

Numeric Mask Value (Obsolescent)

A numeric mask replaces the current file mode creation mask. It is specified as an unsigned octal integer, constructed from the logical OR (sum) of the following mode bits (leading zeros can be omitted):

( a=rwx,u-r)  Read by owner
( a=rwx,u-w)  Write by owner
( a=rwx,u-x)  Execute (search in directory) by owner
( a=rwx,g-r)  Read by group
( a=rwx,g-w)  Write by group
( a=rwx,g-x)  Execute/search by group
( a=rwx,o-r)  Read by others
( a=rwx,o-w)  Write by others
( a=rwx,o-x)  Execute/search by others

Displaying the Current Mask Value

To display the current file mode creation mask value, use one of the commands:

umask -S

Print the current file mode creation mask in a symbolic format:

u=[r][w][x],g=[r][w][x],o=[r][w][x] 

The characters r (read), w (write), and x (execute/search) represent the bits that are clear in the mask for u (user/owner), g (group), and o (other). All other bits are set.

umask

Print the current file mode creation mask as an octal value.

0[o][o][o]

The zero bits in the numeric value correspond to the displayed r, w, and x permission characters in the symbolic value. The one bits in the numeric value correspond to the missing permission characters in the symbolic value.

Depending on implementation, the display consists of one to four octal digits; the first digit is always zero (see DEPENDENCIES). The rightmost three digits (leading zeros implied as needed) represent the bits that are set or clear in the mask.

Both forms produce output that can be used as the mask argument to set the mask in a subsequent umask command.

General Operation

When a new file is created (see creat(2)), each bit that is set in the file mode creation mask causes the corresponding permission bit in the the file mode to be cleared (disabled). Conversely, bits that are clear in the mask allow the corresponding file mode bits to be enabled in newly created files.

For example, the mask u=rwx,g=rx,o=rx (octal 022) disables group and other write permissions. As a result, files normally created with a file mode shown by the ls -l command as -rwxrwxrwx (octal 777) become mode -rwxr-xr-x (octal 755); while files created with file mode -rw-rw-rw- (octal 666) become mode -rw-r--r-- (octal 644).

Note that the file creation mode mask does not affect the set-user-id, set-group-id, or "sticky" bits.

The file creation mode mask is also used by the chmod command (see chmod(1)).

Since umask affects the current shell execution environment, it is generally provided as a shell regular built-in (see DEPENDENCIES).

If umask is called in a subshell or separate utility execution environment, such as one of the following:

(umask 002) 
nohup umask ...
find . -exec umask ...

it does not affect the file mode creation mask of the calling environment.

The default mask is u=rwx,g=rwx,o=rwx (octal 000).

RETURN VALUE

umask exits with one of the following values:

0: The file mode creation mask was successfully changed or no mask operand was supplied.
>0: An error occurred.

EXAMPLES

In these examples, each line show an alternate way of accomplishing the same task.

Set the umask value to produce read and write permissions for the file's owner and read permissions for all others (ls -l displays -rw-r--r-- on newly created files):

umask u=rwx,g=rx,o=rx    symbolic mode
umask a=rx,u+w           symbolic mode
umask 022                numeric mode

Set the umask value to produce read, and write permissions for the file's owner, read-only for others users in the same group, and no access to others (-rw-r-----):

umask a-rwx,u+rw,g+r     symbolic mode
umask u=rw,g=r,o=        symbolic mode
umask ,u+rw,g+r          symbolic mode
umask 137                numeric mode

Set the umask value to deny read, write, and execute permissions to everyone (----------):

umask a=                 symbolic mode
umask 777                numeric mode

Add the write permission to the current mask for everyone (there is no equivalent numeric mode):

umask a+w                symbolic mode

WARNINGS

If you set a mask that prevents read or write access for the user (owner), many programs, such as editors, that create temporary files will fail because they cannot access the file data.

DEPENDENCIES

The umask command is implemented both as a separate executable file (/usr/bin/umask) and as built-in shell commands.

POSIX Shell and Separate File

All features are supported (see sh-posix(1)). The numeric mask display uses a minimum of two digits.

Korn Shell

The -S option is not supported in the Korn shell built-in command (see ksh(1)). The numeric mask display uses a minimum of two digits.

C Shell

The -S option and symbolic mask values are not supported in the C shell built-in command (see csh(1)). The numeric mask display uses a minimum of one digit.

STANDARDS CONFORMANCE

umask: SVID2, SVID3, XPG2, XPG3, XPG4, POSIX.2