Umask:
The umask (UNIX shorthand for "user file-creation mode mask") is a four-digit octal number that UNIX uses to determine the file permission for newly created files.
Every process has its own umask, inherited from its parent process.
The umask specifies the permissions you do not want given by default to newly created files and directories. The system computes the permissions of a new file as the bitwise AND of the mode requested by the creating program and the bitwise complement of the umask. Bits that are set in the umask correspond to permissions that are not automatically assigned to newly created files.
By default, most UNIX versions specify an octal mode of 666 (any user can read or write the file) when they create new files. Likewise, new programs are created with a mode of 777 (any user can read, write, or execute the program).
The most common umask values are 022, 027, and 077. A umask value of 022 lets the owner both read and write all newly created files, but everybody else can only read them:
0666 default file-creation mode
(0022) umask
0644 resultant mode
A umask value of 077 lets only the file's owner read all newly created files:
0666 default file-creation mode
(0077) umask
0600 resultant mode
A simple way to calculate umask values is to remember that the number 2 in the
umask turns off write permission, while 7 turns off read, write, and execute
permission.
A umask value of 002 is commonly used by people who are working on group
projects. If you create a file with your umask set to 002, anyone in the file's group will be able to read or modify the file. Everybody else will only be allowed to read it:
0666 default file-creation mode
(0002) umask
0664 resultant mode
On many UNIX systems, the default umask is 022. This is inherited from the init
process, as all processes are descendants of init. Some systems may be configured to use another umask value, or a different value may be set in the startup files.
The designers of these systems chose this umask value to foster sharing, an open computing environment, and cooperation among users. Most prototype user accounts shipped with UNIX operating systems specify 022 as the default umask, and many computer centers use this umask when they set up new accounts. Unfortunately, system administrators frequently do not make a point of explaining the umask to novice users, and many users are not aware that most of the files they create are readable by every other user on the system.
A recent trend among computing centers has been to set up new accounts with a
umask of 077, so a user's files will, by default, be unreadable by anyone else on the system unless the user makes a conscious choice to make them readable.
Common umask settings and their effects:

umask   User Access   Group Access    Other
0000    all           all             all
0002    all           all             read, execute
0007    all           all             none
0022    all           read, execute   read, execute
0027    all           read, execute   none
0077    all           none            none
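
The calculations above can be checked against a real filesystem. The following shell script is an added example, not part of the original text: it computes requested-mode AND NOT umask, creates a file and a directory under each of the common umask values, and shows that a child process inherits the umask. The function names are illustrative; the script assumes `mktemp` and a GNU or BSD `stat` are available and that the temporary directory carries no default ACL.

```shell
#!/bin/sh
# Added example: compare the computed mode (requested & ~umask) with the
# mode the filesystem actually records. Function names are illustrative.

# effective_mode REQUESTED UMASK -> four-digit octal REQUESTED & ~UMASK
effective_mode() {
    printf '%04o\n' $(( 0$1 & ~0$2 & 07777 ))
}

# observed_mode KIND UMASK -> mode of an object created under UMASK.
# KIND is "file" (shell redirection requests 0666) or "dir" (mkdir
# requests 0777). The subshell body keeps the umask change local.
observed_mode() (
    tmp=$(mktemp -d) || exit 1
    umask "$2"
    case $1 in
        file) : > "$tmp/new" ;;
        dir)  mkdir "$tmp/new" ;;
        *)    rm -rf "$tmp"; exit 2 ;;
    esac
    # GNU stat takes -c, BSD stat takes -f
    mode=$(stat -c '%a' "$tmp/new" 2>/dev/null || stat -f '%Lp' "$tmp/new")
    rm -rf "$tmp"
    printf '%04o\n' "0$mode"
)

# inherited_umask UMASK -> umask reported by a child shell of a process
# whose umask was set to UMASK.
inherited_umask() (
    umask "$1"
    sh -c umask
)

for mask in 0022 0027 0077 0002; do
    printf 'umask %s: file %s (computed %s), dir %s (computed %s)\n' \
        "$mask" \
        "$(observed_mode file "$mask")" "$(effective_mode 0666 "$mask")" \
        "$(observed_mode dir "$mask")"  "$(effective_mode 0777 "$mask")"
done
printf 'child of a umask-0077 process reports: %s\n' "$(inherited_umask 0077)"
```

The umask only removes bits from the mode a program requests, so a file created with 0666 never gains execute permission regardless of the umask; a program that passes a tighter mode such as 0600 when it creates a file gets 0600 even under umask 022.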