Click on each book below to review & buy on Amazon.
As an Amazon Associate, I earn from qualifying purchases.
RHCSA - Manage Security: Manage Default File Permissions
Understanding umask
The umask
is a three-digit octal value that represents the permissions mask used when creating new files and directories. It subtracts the umask
value from the default permission settings to determine the effective permissions. The default permission settings are 666
for files and 777
for directories.
Each digit in the umask
value corresponds to a permission set, with the first digit represents the permissions for the owner, the second digit represents the permissions for the group, and the third digit represents the permissions for others.
The following table shows the effect the umask
value can have for the default file and directory permissions
Umask Value | Remaining Permissions on Files | Remaining Permissions on Directories |
---|---|---|
0 | Read & Write | Read, Write & Execute |
1 | Read & Write | Read & Write |
2 | Read | Read & Execute |
3 | Read | Read |
4 | Write | Write & Execute |
5 | None | Write |
6 | None | Execute |
7 | None | None |
Configuration Files
The default umask
value can be set in various configuration files depending on the Linux distribution and system setup. Here are some commonly used files:
- /etc/profile: This file contains system-wide environment variables and settings. Modifying the
umask
value in this file affects all users on the system. - /etc/bashrc: This file is executed for interactive Bash shell sessions. Setting the
umask
value here affects all users who use the Bash shell interactively. - User-Specific Configuration Files: Users can set their
umask
value in their individual configuration files such as~/.profile
,~/.bashrc
or~/.bash_profile
. These settings override the system-wide defaults for individual users.
It can also be set in a drop in file within the /etc/profile.d/
directory. The best approach to set system wide umask
is by using a drop in file called umask.sh
.
Configuring the Default umask
Follow the exercise below to amend the default umask
:
In the exercise below the umask
output shows as four digits and not three. This is because a 0
is assumed for the special permissions column (set uid, set gid, sticky bit) when a value is not provided. In fact, in the exercise below you will specify the umask
as 027
but you can also use 27
which will resolve to 0027
:
Amend default file and directory permissions:
Check your current umask
:
umask
For me this displays as 0022
, the default on Red Hat 9.
Amend default umask
to 027
via drop in file:
sudo sh -c "echo 'umask 027' > /etc/profile.d/umask.sh"
Check umask
again and notice how it has not updated:
umask
Simulate a login to load the configuration change:
bash -l
Check umask
again and notice how it has now updated to 0027
:
umask
Support DTV Linux
Click on each book below to review & buy on Amazon. As an Amazon Associate, I earn from qualifying purchases.
NordVPN ®: Elevate your online privacy and security. Grab our Special Offer to safeguard your data on public Wi-Fi and secure your devices. I may earn a commission on purchases made through this link.