Solaris Advanced User's Guide

Setting Default File Permissions

The umask command sets a default file permission for all the files and directories you create. For example, if you are security conscious and you want to grant members of your group, and all users, only read and execute permissions (-rwxr-xr-x) on your directories and files, you can set the umask in your user profile file so that every new file or directory you create is protected with these permissions.

Like the chmod command, umask uses a numeric code to represent absolute file permissions. However, the method that is used to calculate the code for umask is different from the method for chmod.

For example, if umask is set to 000, all files you create have the following (read and write, but not execute) permissions:

rw-rw-rw- (mode 666)

All directories that are created have the following (read, write, and execute) permissions:

rwxrwxrwx (mode 777)

To determine the value to use for umask, you subtract the value of the permissions you want (using the value you would specify for the chmod command) from the current default permissions assigned to files. The remainder is the value to use for the umask command.

For example, suppose you want to change the default mode for files from 666 (rw-rw-rw-) to 644 (rw-r--r--). Subtract 644 from 666. The remainder, 022, is the numeric value you would use with umask as follows:

$ umask 022

Similar to the numeric code for the chmod command, the three numbers that are used with umask are as follows.

Table 10-1 shows the file permissions that are created for each digit of the umask command's numeric code.

Table 10–1 Permissions for umask

umask code 


















For more information on the umask command, refer to the man Pages(1): User Commands.