Umask: Difference between revisions
attempt at explanation of umask |
Rewrite. |
||
| Line 1: | Line 1: | ||
umask is a mask | umask is a mask agaist the default [[permissions]] used when a file is created. | ||
If you write a file, its default mode is 0666. This means anyone can read or write it (actually removing a file requires directory write access, which is independent of the permissions on a specific file. | |||
If you had a umask of 077, ''all'' permissions for "group" and "other" will be masked (e.g. disallowed) when a new file is created. | |||
Here is the formula for determining the mode after umask is applied: <code>mode & !umask</code>. In "English," this means that the you take the umask, apply a unary inverse (e.g. a logical <code>NOT</code>), then bitwise <code>AND</code> this value against the default mode of the new file. | |||
So, given a default mode of 666, and a umask of 027, the following math is performed (behind the scenes!): | |||
666 & !027 = 640 | |||
Which is <code>rw-r----</code>. Working out the binary, we have this: | |||
110110110 (default mode 666) | |||
000010111 (umask of octal 027, in binary) | |||
Negate the umask: | |||
!000010111 = 111101000 | |||
Bitwise AND the negated umask against the default mode | |||
110110110 | |||
& 111101000 | |||
----------- | |||
110100000 = 640 | |||
Simple, right? ;-) | |||
Just remember that the umask is used to set the permissions that you want ''prevent'' from getting set by default, and you'll be okay. | |||
Common mask settings: | |||
{|border=2 cellpadding="2" | |||
|Umask | |||
|Default file permissions | |||
|Notes | |||
|- | |||
|077 | |||
|600 (rw-------) | |||
|Very restrictive, good for root, and paranoid users | |||
|- | |||
|027 | |||
|640 (rw-r-----) | |||
|Common for users who want to let certain people read files | |||
|- | |||
|002 | |||
|660 (rw-rw-r--) | |||
|Good for collaboration and active sharing of files. | |||
|- | |||
|} | |||
Latest revision as of 15:37, 12 January 2006
umask is a mask agaist the default permissions used when a file is created.
If you write a file, its default mode is 0666. This means anyone can read or write it (actually removing a file requires directory write access, which is independent of the permissions on a specific file.
If you had a umask of 077, all permissions for "group" and "other" will be masked (e.g. disallowed) when a new file is created.
Here is the formula for determining the mode after umask is applied: mode & !umask. In "English," this means that the you take the umask, apply a unary inverse (e.g. a logical NOT), then bitwise AND this value against the default mode of the new file.
So, given a default mode of 666, and a umask of 027, the following math is performed (behind the scenes!):
666 & !027 = 640
Which is rw-r----. Working out the binary, we have this:
110110110 (default mode 666) 000010111 (umask of octal 027, in binary) Negate the umask: !000010111 = 111101000 Bitwise AND the negated umask against the default mode 110110110 & 111101000 ----------- 110100000 = 640
Simple, right? ;-)
Just remember that the umask is used to set the permissions that you want prevent from getting set by default, and you'll be okay.
Common mask settings:
| Umask | Default file permissions | Notes |
| 077 | 600 (rw-------) | Very restrictive, good for root, and paranoid users |
| 027 | 640 (rw-r-----) | Common for users who want to let certain people read files |
| 002 | 660 (rw-rw-r--) | Good for collaboration and active sharing of files. |
