Introduction to Linux Umask

Source: Internet
Author: User

A permission mask umask
Umask is supported by chmod. It has a total of four bits (gid/uid, owner, group permission, and permissions of other users), but the last three are usually used, for example, if you use chmod 755 file (the permission for this file is Master read (4) + write (2) + execute (1), the same group and other users have read and write permissions)
Role of binary umask
By default, the umask value is 022 (which can be viewed using the umask command). The default permission for the created file is 644 (6---2 ), the default permission for the Created directory is 755 (7---2). You can use ls-l to verify it. Now you should know the usage of umask, it is used to control the default permissions. Do not assign full permissions to the default files and directories.
3. Modify umask value
After learning about the role of umask, you can modify the value of umask. For example, umask 024 will grant the default permission to files and directories created later to 642,753.
Iv. Save the umask value to the Environment File
If bash is used, you can change umask in the/etc/bashrc file. If csh is used, you can change/etc/csh. cshrc.
Do you know what the default attribute is when you create a new file or directory? Haha! This is related to umask! So what is umask? Basically, umask is to specify the "Default attribute value of the current user when creating a file or directory". How can we know or set umask? Its specified conditions are specified in the following way: Syntax:
[Root @ test root] # umask
0022
[Root @ vbird test] # umask 002 <== followed by three numbers!
[Root @ vbird test] # umask
0002
Note: Check whether the umask value can be set by directly inputting umask? That's right! It is umask followed by three numbers! How can we specify it? It is mainly related to the file attributes of Linux (the nine attributes, r, w, x), and the relationship of scores is used as an example, supplemented by the following rules:
If the user creates an archive, the default "No executable (x) project" is created, that is, only rw projects, that is, up to 666 points.
-Rw-
If the user creates a "directory", x is enabled for all permissions, that is, 777 points, because x is related to whether the user can access this directory.
Drwxrwxrwx
 
Then umask specifies the "permission to be removed for this default value !』 R, w, and x are 4, 2, and 1, respectively! That is to say, if you want to get the write permission, you can enter 2 points. If you want to get the read permission, that is, 4 points, you need to get the read and write permissions, that is, 6 points, but do you need to get the execution and write permissions, that is, 3 points? Excuse me, what is 5 points? Haha! Read and execute permissions! As described in the preceding example, because umask is 002, the user and group attributes are not removed, but the others attributes are removed 2 (w ), therefore, when users:
 
When creating an archive: (-rw-)-(--- w-) ==>-rw-r-
When creating a directory: (drwxrwxrwx)-(--- w-) ==> drwxrwxr-x
 
Don't you believe it? You only need to use touch test and check the file properties of test! So how do you view your current umask? Just issue umask directly! Implementation:
 
[Root @ vbird test] # umask
0002
[Root @ vbird test] # touch test1
[Root @ vbird test] # mkdir test2
[Root @ vbird test] # ls-l
-Rw-r-1 root 0 Oct 22 00:00 test1
Drwxrwxr-x 2 root 4096 Oct 22 00:00 test2/
What have you found? Haha! The property of Test1 is 666-002 = 664! Correct? Yes! Correct! What about the directory test2? Is 777-002 = 775! Correct!
[Root @ vbird test] # umask 003
[Root @ vbird test] # touch test3
[Root @ vbird test] # mkdir test4
[Root @ vbird test] # ll
-Rw-r-1 root 0 Oct 22 00:03 test3
Drwxrwxr-2 root 4096 Oct 22 00:03 test4/
Hey! The attributes are different from those just now! Give me a closer look! Test3 666-003 = 663. What is this ?! 663 should be-rw-wx! How is the above attribute! Haha! He must be particularly stressed here! "Try not to add or subtract numbers !』 It is easy to cause problems similar to the above! You should think like this (-rw-)-(--- wx) =-rw-r-that's right! Do you understand? Do not use decimal numbers! If it is sufficient, it can be calculated in binary format. If you do not know it, you can use rwx to calculate it!
From the above example, you can easily find the usage of umask! This umask can be modified in/etc/bashrc! By default, the root umask is set to 022, while the average user is set to 002. Because the write permission is very serious, the default permission will be removed! In addition, because root is important! Therefore, for the sake of security, the write attribute of the same group is removed! This also contributes to security!
For example, for the u m a s K value 0 0 2, what is the default creation permission for the corresponding files and directories?
Step 1: Write down the mode with all permissions, namely 7 7 7 (all users have read, write, and execute permissions ).
Step 2: Write the corresponding bits in the following line according to the u m a s K value. In this example, It is 0 0 2.
Step 3: In the next row, remember that no matching BITs exist in the above two rows. This is the default directory creation permission.
Remember this method with a little practice.
Step 4: For a file, you cannot have the file permission when creating the file. You only need to remove the corresponding execution permission bit, that is
Yes.
In this example, the u m a s K value is 0 0 2:
1) Maximum File Permission: rwx (777)
2) umask value: 0 0 2--w-
3) directory permission: rwx r-x (775). This is the default permission for Directory Creation.
4) File Permission rw-r-(664) This is the default permission for file creation.
The following is another example. Assume that the u m a s K value is 0 2 2:
1) Maximum File Permission: rwx (777)
2) u m a s K value is 0 2 2--w-
3) directory permission: rwx r-x (755). This is the default permission for Directory Creation.
4) File Permission rw-r-(644) This is the default permission for file creation.

Author "☆cainiao afan's path to growth"

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.