Category Archives: umask

umask and symbolic notation

While studying for the RHCSA exam I came across a question with the requirement to set the umask value using symbolic notation. This seems like a fairly simple task, but I found it had one confusing quirk when using symbolic notation.

The OPERANDS section of the umask(1p) man page states:

In a symbolic_mode value, the permissions op characters '+' and '-' shall be interpreted relative to the current file mode creation mask; '+' shall cause the bits for the indicated permissions to be cleared in the mask; '-' shall cause the bits for the indicated permissions to be set in the mask.

This seems to indicate that, in symbolic notation, '-' acts as the addition operator and '+' as the subtraction operator with respect to the mask, due to the nature of umask (initial permission minus the umask).

Without knowing or understanding this “quirk” beforehand it becomes a little confusing if you are attempting to change the default umask using symbolic notation.

For example: Set the umask value to 0035 using symbolic notation. One would think that the following would be the correct way to accomplish this:

$ umask u=,g=wx,o=rx

The thinking behind this is that the owner has zero permissions, the group is set to write and execute, and other is set to read and execute. However, checking the umask after applying this shows:

$ umask
0742

At first this seems to make no sense. The requested value is 0035 and, ignoring the leading zero, this would appear to equate to the symbolic values above: 0 in the owner column (---), 3 in the group column (-wx) and 5 in the other column (r-x).

However, this is not the case. As the umask(1p) text quoted above indicates, the symbolic permissions are interpreted relative to the current file mode creation mask: they describe the permissions to keep, not the bits to mask out.

An easy way to remember this: when setting the umask value, subtract each digit of the required value from 7 and then work out the symbolic notation from the result. For example, to correctly set the value 0035, you would be looking for the symbolic equivalent of 0742, which is:

$ umask u=rwx,g=r,o=w
$ umask
0035

the purpose of umask

Linux has a default set of permissions for new files (0666) and directories (0777). However, if you create a file or directory as a user, you will notice that the permissions are not in fact 0666 for a file or 0777 for a directory, as seen below:

# test file with permissions 0664
$ touch test_file
$ ls -l test_file
-rw-rw-r--. 1 user1 user1 0 Mar 15 06:19 test_file

# test dir with permissions 0775
$ mkdir test_dir
$ ls -l | grep test_dir
drwxrwxr-x.   2 user1 user1       6 Mar 15 06:19 test_dir

The reason for this is that the default permissions are considered too permissive. The umask command is used to restrict the permissions that a file or directory receives when it is created.

The final permissions are determined by subtracting the umask value from the default permissions, in this example 0666 for files (strictly, every bit set in the umask is cleared from the default permissions, which gives the same result as subtraction whenever those bits are set in the default). For example:

The default permissions for a file created by a normal user are 0666 minus 0002, equalling 0664.

# default umask value
$ umask
0002

# create a test file
$ touch test_umask_file

# verify the final permissions
$ stat test_umask_file 
  File: test_umask_file
  Size: 0         	Blocks: 0          IO Block: 4096   regular empty file
Device: fd00h/64768d	Inode: 38087484    Links: 1
Access: (0664/-rw-rw-r--)  Uid: ( 1000/   user1)   Gid: ( 1000/   user1)
Context: unconfined_u:object_r:user_home_t:s0
Access: 2021-03-15 05:40:17.460682658 -0400
Modify: 2021-03-15 05:40:17.460682658 -0400
Change: 2021-03-15 05:40:17.460682658 -0400
 Birth: -
$

The default umask value for normal users is 0002 and the default umask for root users is 0022. The default value can be changed by simply using the umask command, for example:

$ umask 0003
$ umask
0003

In order to persist the change, the new umask value must be added to the user's profile, e.g. by adding the following line to .bashrc (using whatever value you wish):

umask 0003
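
The octal-to-symbolic conversion from the symbolic notation post above, together with the effect of a mask on newly created files described in this post, as an added example that is not part of the original posts. The function names are hypothetical and GNU stat (as shipped on RHEL) is assumed.

```bash
# Added example; the function names are hypothetical and GNU stat is assumed.

# rwx N: permission letters for the 3-bit value N (0-7).
rwx() {
    p=
    if [ $(( $1 & 4 )) -ne 0 ]; then p="${p}r"; fi
    if [ $(( $1 & 2 )) -ne 0 ]; then p="${p}w"; fi
    if [ $(( $1 & 1 )) -ne 0 ]; then p="${p}x"; fi
    printf '%s' "$p"
}

# symbolic_for_mask MASK: the symbolic_mode string that sets octal MASK.
# Each class lists the permissions left allowed (the complement of its digit).
symbolic_for_mask() {
    allowed=$(( 0777 & ~0$1 ))
    printf 'u=%s,g=%s,o=%s\n' \
        "$(rwx $(( (allowed >> 6) & 7 )))" \
        "$(rwx $(( (allowed >> 3) & 7 )))" \
        "$(rwx $(( allowed & 7 )))"
}

# mask_after MODE: octal mask the shell reports after "umask MODE".
# Runs in a subshell, so the caller's own umask is left untouched.
mask_after() {
    ( umask "$1" && printf '%04o\n' "$(( 0$(umask) ))" )
}

# modes_under MASK: modes of a file and a directory created under MASK.
modes_under() {
    tmp=$(mktemp -d) || return 1      # created before the mask is changed
    (
        umask "$1"
        touch "$tmp/f" && mkdir "$tmp/d" &&
            printf '%s %s\n' "$(stat -c %a "$tmp/f")" "$(stat -c %a "$tmp/d")"
    )
    rm -rf "$tmp"
}

symbolic_for_mask 0035                   # u=rwx,g=r,o=w
mask_after u=,g=wx,o=rx                  # 0742, the first attempt in the post
mask_after "$(symbolic_for_mask 0035)"   # 0035
modes_under 0003                         # 664 774
```

The last call shows why the mask is a set of bits to clear and not an arithmetic subtraction: under 0003 a new file ends up as 0664, because the execute bit was never set in 0666.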
