RHCSA - Manage Security: Manage Default File Permissions

Understanding umask

The umask is a three-digit octal value that acts as the permissions mask applied when new files and directories are created. The umask value is subtracted from the default permission settings to determine the effective permissions. The default permission settings are 666 for files and 777 for directories.

Each digit in the umask value corresponds to a permission set: the first digit represents the permissions for the owner, the second digit the permissions for the group, and the third digit the permissions for others.

The following table shows the effect each umask digit has on the default file and directory permissions:

| Umask Value | Remaining Permissions on Files | Remaining Permissions on Directories |
|---|---|---|
| 0 | Read & Write | Read, Write & Execute |
| 1 | Read & Write | Read & Write |
| 2 | Read | Read & Execute |
| 3 | Read | Read |
| 4 | Write | Write & Execute |
| 5 | None | Write |
| 6 | None | Execute |
| 7 | None | None |

Configuration Files

The default umask value can be set in various configuration files depending on the Linux distribution and system setup. Here are some commonly used files:

  • /etc/profile: This file contains system-wide environment variables and settings. Modifying the umask value in this file affects all users on the system.
  • /etc/bashrc: This file is executed for interactive Bash shell sessions. Setting the umask value here affects all users who use the Bash shell interactively.
  • User-Specific Configuration Files: Users can set their umask value in their individual configuration files such as ~/.profile, ~/.bashrc or ~/.bash_profile. These settings override the system-wide defaults for individual users.

It can also be set in a drop-in file within the /etc/profile.d/ directory. The best approach for setting a system-wide umask is to use a drop-in file called umask.sh.

Configuring the Default umask

Follow the exercise below to amend the default umask:

In the exercise below, the umask output is shown as four digits rather than three. This is because a 0 is assumed for the special permissions column (setuid, setgid, sticky bit) when a value is not provided. The exercise specifies the umask as 027, but you can also use 27, which resolves to 0027.

Amend default file and directory permissions:

Check your current umask:

umask

For me this displays as 0022, the default on Red Hat 9.

Amend the default umask to 027 via a drop-in file:

sudo sh -c "echo 'umask 027' > /etc/profile.d/umask.sh"

Check umask again and notice how it has not updated:

umask

Simulate a login to load the configuration change:

bash -l

Check umask again and notice how it has now updated to 0027:

umask
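To confirm what the new umask does to newly created objects, the script below (an added example, not part of the original exercise) creates a file and a directory under a given umask and reports their modes, and reads the umask that a drop-in file would set once sourced. The function names `effective_modes` and `dropin_umask` and the temporary paths are assumptions made for this demo; it relies on GNU `stat` and `mktemp`, as shipped on Red Hat systems.

```bash
#!/usr/bin/env bash
# Added example: observe the modes new files and directories receive under a umask.

# effective_modes MASK: print "<file-mode> <dir-mode>" for objects created under MASK.
# The function body is a subshell, so the caller's umask is left untouched.
effective_modes() (
    tmp=$(mktemp -d) || exit 1                 # scratch directory (created before the mask changes)
    umask "$1" || { rm -rf "$tmp"; exit 1; }   # rejects values that are not a valid mask
    touch "$tmp/file"                          # touch requests 666; the umask removes bits
    mkdir "$tmp/dir"                           # mkdir requests 777; the umask removes bits
    printf '%s %s\n' "$(stat -c %a "$tmp/file")" "$(stat -c %a "$tmp/dir")"
    rm -rf "$tmp"
)

# dropin_umask FILE: print the umask a shell has after sourcing FILE, which is what
# a login shell does with /etc/profile.d/*.sh. Runs in a subshell for the same reason.
dropin_umask() (
    . "$1" >/dev/null 2>&1 || exit 1
    umask
)

# Demo with a constructed drop-in holding the same line as the exercise's umask.sh.
demo=$(mktemp)
echo 'umask 027' > "$demo"
mask=$(dropin_umask "$demo")
echo "umask from drop-in : $mask"
echo "new file / new dir : $(effective_modes "$mask")"
echo "this shell's umask : $(umask) (unchanged until the file is sourced at login)"
rm -f "$demo"
```

Pointing `dropin_umask` at /etc/profile.d/umask.sh after the exercise shows the value a fresh login will receive without having to start one.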
