The umask command can be used to determine the default file creation
mode on your system. It is the octal complement of the desired file
mode. If files are created without any regard to their permission
settings, the user could inadvertently give read or write permission
to someone who should not have this permission. Typical umask
settings include 022, 027, and 077 (which is the most restrictive).
Normally the umask is set in /etc/profile, so it applies to all users
on the system. The file creation mask can be calculated by subtracting
the desired value from 777. In other words, a umask of 777 would cause
newly-created files to contain no read, write or execute permission
for anyone. A mask of 666 would cause newly-created files to have a
mode of 111. For example, you may have a line that looks like this:

    # Set the user's default umask
    umask 033

Be sure to make root's umask 077, which will disable read, write, and
execute permission for other users, unless explicitly changed using
chmod. With the example umask of 033 above, newly-created directories
would have 744 permissions, obtained by subtracting 033 from 777.
Newly-created files using the 033 umask would have permissions of 644.

If you are using Red Hat, and adhere to their user and group ID
creation scheme (User Private Groups), it is only necessary to use 002
for a umask. This is due to the fact that the default configuration
is one user per group.
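
To check what a given umask actually produces, the following added example (not part of the original text) creates a scratch file and directory under each mask and reads back the resulting mode. The function names mode_under_umask and umask_report are hypothetical; the mask bits are cleared from the mode the program requests (666 for a file created by the shell, 777 for mkdir), which is how the 644 and 744 figures for umask 033 arise.

```shell
#!/bin/sh
# Added example: observe the effect of a umask by creating objects under it.

# mode_under_umask MASK KIND -> prints the octal mode of a newly created
# file or directory. KIND is "file" or "dir". Everything runs in a subshell,
# so the caller's own umask is left untouched.
mode_under_umask() {
    (
        scratch=$(mktemp -d) || exit 1      # private scratch dir (mode 700)
        umask "$1" || { rm -rf "$scratch"; exit 1; }
        case "$2" in
            file) : > "$scratch/probe" ;;       # shell requests mode 666
            dir)  mkdir "$scratch/probe" ;;     # mkdir requests mode 777
            *)    echo "KIND must be file or dir" >&2
                  rm -rf "$scratch"; exit 2 ;;
        esac
        # GNU stat first, BSD stat as a fallback
        m=$(stat -c '%a' "$scratch/probe" 2>/dev/null ||
            stat -f '%Lp' "$scratch/probe")
        rm -rf "$scratch"
        printf '%s\n' "$m"
    )
}

# umask_report MASK... -> one line per mask: "MASK file=NNN dir=NNN"
umask_report() {
    for mask in "$@"; do
        printf '%s file=%s dir=%s\n' "$mask" \
            "$(mode_under_umask "$mask" file)" \
            "$(mode_under_umask "$mask" dir)"
    done
}

# The typical masks from the text, the 033 example, and the 002 UPG setting.
umask_report 022 027 077 033 002
```

A file mode that still shows read or write bits for "other" under the mask set in /etc/profile is the inadvertent exposure the text warns about.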