If you've used Linux for any length of time, you'd know how important Linux file permissions are. But what about permissions for when you create new files? A utility called umask lets you set default file permissions for new files on Linux.

What Is umask?

A umask is a "bit mask" that sets permission bits on new files. On Linux systems, it's a standalone command, though modern shells like Bash or Zsh include it as a built-in command.

A umask defines what permissions will be removed on new files. It uses the numeric octal permission system similar to that of the chmod command. You can think of a umask as subtracting permissions from certain classes of users on new files.

A common default umask is 022. This will leave the permissions of the file's owner alone while removing write permissions for group members and other users.

umask showing octal and symbolic permissions in the shell

A umask is more important on multiuser systems such as servers, as it helps keep the system secure by restricting permissions on new files by default. If an admin creates a new file as root, you don't want ordinary users to be able to write to it.

To see the current umask, type umask at the shell. You can see it symbolically with the -S option. 

        umask -S

Setting umask for One User

You can set a umask for a session with the umask command: 

        umask 022

You can put this in your shell startup file, such as your .bashrc or .zshrc, depending on which shell you use.

Setting a System-Wide umask

If you do run a multi-user server, it's a good idea to set a good umask system-wide. You can do this by putting a umask setting in the global shell startup files for all shells installed on the system.

For example, you can put the umask setting in /etc/profile, as this will be read by both Bash and Zsh on startup. csh and tcsh read the /etc/csh.cshrc and /etc/csh.login files, with the latter for login shells.

Now You Have the Correct Permissions for New Linux Files

With umask, you can now make sure you have proper permissions on new files on the system. But that doesn't go far enough. If you want greater security, you may want to password-protect certain files on Linux. There are several ways to do this, and they're easy to implement.