Setting the file mode creation mask

When a file is created, it is assigned initial access permissions. If you want to control the permissions that a program can set when it creates a file or directory, you can set a file mode creation mask using the umask command.

You can set this file mode creation mask for one shell session by entering the umask command interactively, or you can make the umask command part of your login. When you set the mask, you are setting limits on allowable permissions: You are implicitly specifying which permissions are not to be set, even though the calling program may allow those permissions. When a file or directory is created, the permissions set by the program are adjusted by the umask value: The final permissions set are the program's permissions minus what the umask values restrict.

To use the umask command for a single session, enter:

umask mode

and specify the mode in either of the formats used by chmod: symbolic (rwx) or octal values. The symbolic form expresses what can be set, what is allowed, while octal values express what cannot be set, what is disallowed. For example, both of these commands set the same umask:

umask a=rx
umask 222

To display the mask,

If you just enter umask, you see the mode displayed in octal values, indicating what cannot be set.
If you enter umask -S, you see the mode displayed in symbolic form, indicating what can be set.

The shell's initial setting of the mask is 000, which means that read, write, and execute permission can be set on for everyone. But the system-wide profiles provided with the product set the mask to 022.