When new files are created, their initial permissions are determined by their file creation mask. The umask(C) command is executed whenever you log in, and it automatically sets the mask to restrict the permissions placed on any files that you create. You can change the permissions placed on new files by running umask again; the new permissions override the old ones.
To change the permissions applied to a newly created file, specify the permissions you want to have removed from the new file. In this way, specifying a file creation mask of o=rwx causes read, write and execute permission to be denied to other users.
    $ touch test
    $ l test
    -rw-rw-r-- 1 charles techpubs 0 Feb 22 09:29 test
    $ umask u=,g=w,o=rwx
    $ touch test.2
    $ l test.2
    -rw-r----- 1 charles techpubs 0 Feb 22 09:30 test.2

The touch(C) command creates an empty file, in this case called test.
In the command lines above, the umask command specifies that write permission is to be removed from members of the file's group, and that read, write, and execute permissions are to be removed from other users. No change is made to the permissions available to the file's owner.
Note that you cannot normally create an executable file using umask; you can only change a file's permissions to make it executable. For example, if you set your umask with umask u=,g=,o=rwx, this gives you default file permissions of 660 (rw-rw----), not 770 (rwxrwx---), even though execute permissions for user and group have not been removed. The only exceptions to this rule are when creating a directory or compiling a program to create an executable binary (in which case the executable bits are set in accordance with your umask).
You can set umask using octal permissions. To set the umask, work out what permissions you want to give newly created files in octal, then subtract them from 777. (Remember, the permissions specified in your umask are removed from the file, not added.) Accordingly, umask 022 removes write permission from the group and other user classes: a file created with an initial mode of 777 becomes 755 and a file created with 666 becomes 644.
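The following added example (not part of the original page) creates a file and a directory under several octal masks and prints the permissions each receives, showing both the 666 versus 777 starting modes and the rule that an ordinary new file never gains execute permission. The helper name mode_under_umask is hypothetical, and the script assumes mktemp is available.

```shell
#!/bin/sh
# Added example: report the permissions a new file or directory
# receives under a given octal umask.
# mode_under_umask is a hypothetical helper name, not a system command.
mode_under_umask() {
    (
        # Subshell: the umask change does not leak into the caller.
        mask=$1   # octal umask, e.g. 022
        kind=$2   # "file" or "dir"
        # Create the scratch directory before tightening the mask.
        tmp=$(mktemp -d) || exit 1
        umask "$mask" || { rm -rf "$tmp"; exit 1; }
        if [ "$kind" = dir ]; then
            mkdir "$tmp/new"     # mkdir requests mode 777
        else
            : > "$tmp/new"       # redirection requests mode 666, like touch
        fi
        # The first 10 characters of ls -ld are the type and permission bits.
        perms=$(ls -ld "$tmp/new" | cut -c1-10)
        rm -rf "$tmp"
        printf '%s\n' "$perms"
    )
}

# Compare a permissive, a common, and two restrictive masks.
# 007 is the octal form of the "remove rwx from other" mask discussed above.
for m in 002 022 027 007 077; do
    printf 'umask %s  file=%s  dir=%s\n' "$m" \
        "$(mode_under_umask "$m" file)" "$(mode_under_umask "$m" dir)"
done
```

On a multi-user system, the 027 and 077 rows are the ones to compare against your login default: they keep newly created files unreadable by other users without any later chmod.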