System Administration Guide: Security Services

Default umask Value

When you create a file or directory, you create it with a default set of permissions. The system defaults are open. A text file has 666 permissions, which grants read and write permission to everyone. A directory and an executable file have 777 permissions, which grants read, write, and execute permission to everyone. Typically, users override the system defaults in their /etc/profile file, .cshrc file, or .login file.

The value assigned by the umask command is subtracted from the default. This process has the effect of denying permissions in the same way that the chmod command grants them. For example, the chmod 022 command grants write permission to group and others. The umask 022 command denies write permission to group and others.

The following table shows some typical umask settings and their effect on an executable file.

Table 7–3 umask Settings for Different Security Levels

Level of Security 

umask Setting

Permissions Disallowed 

Permissive (744)


w for group and others

Moderate (740)


w for group, rwx for others

Moderate (741)


w for group, rw for others

Severe (700)


rwx for group and others

For more information on setting the umask value, see the umask(1) man page.