Umask
umask is a mask agaist the default permissions used when a file is created.
If you write a file, its default mode is 0666. This means anyone can read or write it (actually removing a file requires directory write access, which is independent of the permissions on a specific file.
If you had a umask of 077, all permissions for "group" and "other" will be masked (e.g. disallowed) when a new file is created.
Here is the formula for determining the mode after umask is applied: mode & !umask. In "English," this means that the you take the umask, apply a unary inverse (e.g. a logical NOT), then bitwise AND this value against the default mode of the new file.
So, given a default mode of 666, and a umask of 027, the following math is performed (behind the scenes!):
666 & !027 = 640
Which is rw-r----. Working out the binary, we have this:
110110110 (default mode 666) 000010111 (umask of octal 027, in binary) Negate the umask: !000010111 = 111101000 Bitwise AND the negated umask against the default mode 110110110 & 111101000 ----------- 110100000 = 640
Simple, right? ;-)
Just remember that the umask is used to set the permissions that you want prevent from getting set by default, and you'll be okay.
Common mask settings:
| Umask | Default file permissions | Notes |
| 077 | 600 (rw-------) | Very restrictive, good for root, and paranoid users |
| 027 | 640 (rw-r-----) | Common for users who want to let certain people read files |
| 002 | 660 (rw-rw-r--) | Good for collaboration and active sharing of files. |
