UMASK NOTES
#############
#############

The umask tells the session what mask to apply to new files and folders. Its calculated in inverse. So for files you need to subtract 666 for folders you need to subtract 777. Note: there is a special bit, but its always 0, so never pay attention to it – at least that the case in my debian

umask only changes umask in session, in current putty, so if you have screen or byobu or tmux with several windows and you set umask in one window/pane, it will only last in the window/pane you set it in. Also umask can only see the umask you have set in the current session.

Commands
=========

To see umask the reverse octal bit

To see umask in symbolic notation (not inversed):

To set umask with reverse octal bit:

or

NOTE: if using special bit it can only be 0, see below

Example (a hard one that shows off execptions on file):
==========================================

Note: ignore the 0 in the front

Making a file under this condition

To see what files permissions will be just do this math “6,6,6-umask=file permissions” (note this formula can be solved for umask “6,6,6-file perms = umask”)

6,6,6-1,2,3 = 5,4,3 (meaning -r-xr—wx, first dash for file, then permissions)
So it should be 543 so it will be -r-xr—wx… however you will see that the x bit is removed, some OS dont allow any files to be made with execute bit (even if your root) so if you want execute bit you will need to chmod afterwards
So our 543 -r-xr—wx will turn to -r-r—w BUT IN REALITY IT TURNS TO SOMETHING ELSE!!! These exceptions will rock your world and confuse you, this is why its always good to test how a file is made at the default umask, and if you have a different umask then test to see. Also The rules are less strict and exceptions dont apply on folders
Note: from now on I will skip using the commas, to seperate the bits out, unless needed to show something (as you will see below, when negative numbers come out)

Making a folder under this condition

With folders we subtract with 777

777-123=654
654 is drw-r-xr– (d is first bit because its a folder)

Less exceptions with folders so makes more sense

To see how the exceptions apply (in debian 7.2 atleast)
===========================================

Everything that you see that has a file name of ### is a file that has been made with any umask and then changed to the permission ### with chmod. Note with chmod umask has no affect. umask only affects new files. NOTE: I didnt have to make a folder to show you this, and its fine with just a file, because the chmod has same effect on file and folder (unlike umask which is picky – the point of this whole miniscript and above output is to show you how its picky and what to expect)

d### are new directories made in a shell with umask set to ###
f### are new files made in a shell with umask set to ###

To see this on your system try this:

To see results:

Math rules
===========

777 – folder permission you want = umask to set
777 – umask to set = folder permission you want

666 – file permission you want = umask to set
666 – umask to set = file permission you want
http://www.cyberciti.biz/tips/understanding-linux-unix-umask-value-usage.html

Explain Octal umask Mode 022 And 002
===================================

As I said earlier, if the default settings are not changed, files are created with the access mode 666 and directories with 777. In this example:
1. The default umask 002 used for normal user. With this mask default directory permissions are 775 and default file permissions are 664.
2. The default umask for the root user is 022 result into default directory permissions are 755 and default file permissions are 644.
3. For directories, the base permissions are (rwxrwxrwx) 0777 and for files they are 0666 (rw-rw-rw).

in short:
———-
1. A umask of 022 allows only you to write data, but anyone can read data.
2. A umask of 077 is good for a completely private system. No other user can read or write your data if umask is set to 077.
3. A umask of 002 is good when you share data with other users in the same group. Members of your group can create and modify data files; those outside your group can read data file, but cannot modify it. Set your umask to 007 to completely exclude users who are not group members.

Limitations of the umask
————————
1. The umask command can restricts permissions.
1. The umask command cannot grant extra permissions beyond what is specified by the program that creates the file or directory. If you need to make permission changes to existing file use the chmod command.
One wierd example but still follows logic
==========================================

777 – 077 = 700 = so thats drwx——
666 – 077 = 6,-1,-1 (-1? whats that, well just round it up to 0)… so its just 600 = so thats -rw——-

Test:

Here is the folder and file permissions in their respective order:

drwx——
-rw——-

To see umasks
===============

Typical umask inverse notation with octal bits

Not inverse notation with symbolic notations:

Note about first bit in 4 bit setting of umask

====================================

The first bit of the umask to deal with special bits, must always be 0, if you set it to 1,2,3,4,5,6,7 it will fail

ERROR MESSAGE LIKE THIS:

 

Notes about umasks “range”, if it will affect the command callers shell
====================================================

CITATION: http://man.cx/umask(1)

The umask utility shall set the file mode creation mask of the current shell execution environment (see Shell Execution Environment ) to the value specified by the mask operand. This mask shall affect the initial value of the file permission bits of subsequently created files. If umask is called in a subshell or separate utility execution environment, such as one of the following:

Exceptions
###########

Excerpt from: http://en.wikipedia.org/wiki/Umask

Note: Many operating systems do not allow a file to be created with execute permissions. In these environments, newly created files will always have execute permission disabled for all users.
The mask is generally only applied to functions that create a new file, however, there are exceptions. For example, when using UNIX and GNU versions of chmod to set the permissions of a file, and symbolic notation is used, and no user is specified, then the mask is applied to the requested permissions before they are applied to the file. For example:

 

Leave a Reply

Your email address will not be published. Required fields are marked *