Quick take: The umask command sets the permissions removed from new files and directories. With the common 022, new files get 644 and directories 755. Run umask to view it or umask 027 to tighten it.
Introduction
Every new file and directory gets default permissions, and the umask (user mask) decides them by specifying which permission bits to remove. Understanding umask is key to controlling how open or restricted newly created files are, which matters for both convenience and security.
Syntax
The basic syntax of the umask command is:
umask [OPTIONS] [MASK]How umask Calculates Permissions
umask is subtracted from the base permissions the system grants: 666 for files (no execute) and 777 for directories. The mask's bits are removed from that base.
# With umask 022:
# Files: 666 - 022 = 644 (rw-r--r--)
# Directories: 777 - 022 = 755 (rwxr-xr-x)
# With umask 077:
# Files: 666 - 077 = 600 (rw-------)
# Directories: 777 - 077 = 700 (rwx------)So a larger umask means more restrictive defaults. 022 is the common, convenient default; 027 or 077 are used where privacy matters.
Common Options and Parameters
The most useful options and parameters for the umask command:
| Option | Description |
|---|---|
| umask | Display the current mask in octal. |
| umask -S | Display the mask in symbolic (rwx) form. |
| umask 022 | Set the mask (files 644, directories 755). |
| umask 027 | Tighter mask (files 640, directories 750). |
| umask 077 | Private — files 600, directories 700. |
Practical Examples
Real umask commands you can run today:
# Show the current umask
umask
# Show it in symbolic form
umask -S
# Set a tighter umask for the session
umask 027
# Make new files private to you
umask 077
# Make it permanent (add to ~/.bashrc)
echo 'umask 027' >> ~/.bashrcTips and Best Practices
- umask only affects files created after it is set; it does not change existing files (use
chmodfor those). - Set umask in
~/.bashrc(per user) or/etc/profile(system-wide) to make it permanent. - Use
umask 077on shared servers when new files should be private to their owner by default.
Final Thoughts
umask quietly governs the permissions of everything you create by masking bits off the base mode. The common 022 gives readable defaults, while 027 and 077 tighten them for privacy. Set it in your shell profile to apply consistently, and remember it shapes new files only — chmod fixes existing ones.
FAQ: umask Command in Linux
What does umask do in Linux?+
umask sets a mask of permission bits that are removed from the default when new files and directories are created. With umask 022, new files become 644 and directories 755.
How does umask calculate permissions?+
It subtracts from the base permissions — 666 for files and 777 for directories. For example, umask 022 yields 644 for files (666-022) and 755 for directories (777-022).
How do I make my umask permanent?+
Add a line like umask 027 to ~/.bashrc for your account or to /etc/profile for all users, so it is applied to every new shell session.
What umask should I use for security?+
022 is the convenient default. For more privacy use 027 (group can read, others get nothing) or 077 (only the owner has access), common on shared servers.
Does umask affect existing files?+
No. umask only applies to files and directories created after it is set. To change existing files, use chmod.
Need help with Linux servers or infrastructure?
Work directly with Muhammad Irfan Aslam for Linux, Ubuntu, Docker, DevOps, cloud, CI/CD, or infrastructure support.
Hire Me for Support