The umask command controls the default permissions that are assigned to a file when it is created. It uses octal notation to remove a bitmask from the file-mode attribute.
See the example below:
0002 [[email protected] cmdline]$ Touch Foo.txt[[email protected] cmdline]$ ls-l foo.txt-rw-rw-r-- 1 ucm UCM 0 oct 3 17:32 Foo.txt
First, delete all copies of the Foo.txt file to ensure that everything is restarted. Next, allow the umask command without any parameters to view the current mask value, and the resulting value is 0002 (0022 is another common default), which is the octal representation of the mask. Then create a new instance of the file Foo.txt to view the permissions for the file.
You can see that both the file owner and the group have read and write permissions, while all other users read-only permissions. The reason that all other users do not have write permissions is the mask value. Repeat the instance, but this time you set the mask value yourself.
umask 0000 [[email protected] cmdline]$ Touch Foo.txt[[email protected] cmdline]$ ls-l foo.txt-rw-rw-rw- 1 ucm UCM 0 oct 3 17:38 Foo.txt
When the mask is set to 0000 (which is actually turned off), you can see that all other users also have write permissions. To understand how it is implemented, take a look at the octal number. If you expand the Mask into binary form and then compare it to the property, you can see what's going on.
| Original file Mode | ---rw-rw-rw- |
| Mask | 000 000 000 010 |
| Results | ---rw-rw-r-- |
When the mask is set to 0000 (which is actually turned off), you can see that all other users also have write permissions. To understand how it is implemented, take a look at the octal number. If you expand the Mask into binary form and then compare it to the property, you can see what's going on.
Ignoring the previous 0 in the mask and observing the 1 in the mask, you will find that the property of the 1 location is deleted-in this case, the Write permission for all other users. This is how the mask operates. Each occurrence of a 1 position in the masked binary value has its corresponding property canceled. If you set the mask value to 0022 then do the following.
| Original file Mode | ---rw-rw-rw- |
| Mask | 000 000 010 010 |
| Results | ---rw-r--r-- |
Similarly, the location where 1 appears in the binary value, the corresponding property is canceled. You can try another mask value (try some with the number 7) to familiarize yourself with the way the mask operates. Remember to clean up the file after each operation and restore the mask value to the default value.
[Email protected] cmdline]$ rm-f foo.txt; Umask 0002
In most cases, you do not need to modify the mask value, and the default mask value provided by the system is good. However, in some high-security environments, you need to control the mask value.
Command formatUmask [-P] [-S] [mode]
Command parameters-P
If mode is omitted, the current mask value is output in a reusable form.
-S
Displays the current mask value in the form of a character.
A) Displays the current mask value in the form of a character.
[Email protected] cmdline]$ Umask-su=rwx,g=rwx,o=rx
Linux Commands-umask: Display or set file mode mask values
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
