umask (User File-Creation Mode Mask) is a Linux command that controls the default permissions given to new files and directories when they are created.

It does not change existing file permissions.
It only defines what permissions should be taken away from new files/directories.

How umask Works

When a file or directory is created, Linux assigns default permissions:

• Files: 666 (rw-rw-rw-) — files are never created as executable

• Directories: 777 (rwxrwxrwx)

umask subtracts specific permissions from these defaults.

Example: Understanding Values

If umask = 022

This removes write permissions for group and others.

New file permission:

666 - 022 = 644  (rw-r--r--)

New directory permission:

777 - 022 = 755  (rwxr-xr-x)

If umask = 002

New file permission:

666 - 002 = 664  (rw-rw-r--)

New directory permission:

777 - 002 = 775  (rwxrwxr-x)

If umask = 077

New file permission:

666 - 077 = 600  (rw-------)

New directory permission:

777 - 077 = 700  (rwx------)

This is used for maximum privacy.

Check Current umask

umask

Set a Temporary umask

umask 022

(This lasts only for the current session.)

Set Permanent umask

Add the desired umask value to:

• ~/.bashrc

• or /etc/profile

Example:

umask 022

In Summary

• umask defines default permissions for new files and directories.

• It works by subtracting permissions.

• Common values: 022, 002, 077.