Default umask Value

When you create a file or directory, you create it with a default set of permissions. The system defaults are open. A text file has 666 permissions, which grants read and write permission to everyone. A directory and an executable file have 777 permissions, which grants read, write, and execute permission to everyone. Typically, users override the system defaults in their shell initialization files, such as .bashrc and .kshrc.user. An administrator can also set defaults in the /etc/profile file.

Note:

If you are using the account-policy service, you must modify the login/environment/umask SMF property. For more information and the procedure, see New Feature – Enabling the account-policy Service in Securing Users and Processes in Oracle Solaris 11.4 and Modifying Login Environment Variables in Securing Users and Processes in Oracle Solaris 11.4. See also the account-policy(8S) man page.

The value that the umask command assigns is subtracted from the default. This process has the effect of denying permissions in the same way that the chmod command grants them. For example, the chmod 022 command grants write permission to group and others. The umask 022 command denies write permission to group and others.

The following table shows some typical umask values and their effect on an executable file.

Table 1-3 umask Settings for Different Security Levels

Level of Security    umask Setting    Permissions Disallowed
-----------------    -------------    ----------------------------
Permissive (744)     022              w for group and others
Moderate (751)       026              w for group, rw for others
Strict (740)         027              w for group, rwx for others
Severe (700)         077              rwx for group and others

For more information about setting the umask value, see the umask(1) man page.
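
The following script is an added example, not part of the Oracle documentation. It creates a file and a directory under each umask value from the table and prints the mode that results next to the predicted mode. The kernel clears the umask bits from the default mode rather than doing arithmetic subtraction, so the constructed value 033 is included to show where the two differ. The function names are hypothetical, and the stat options are an assumption about the installed stat utility.

```shell
#!/bin/sh
# Added example: predicted vs. kernel-applied modes under a given umask.

# predicted_mode BASE MASK -> octal mode after clearing the mask bits.
# BASE is the system default from the text: 666 (file) or 777 (directory).
predicted_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# mode_of PATH -> octal permission bits of PATH.
# Assumption: stat accepts GNU "-c %a"; BSD "-f %Lp" is the fallback.
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# created_mode MASK KIND -> mode given to a newly created "file" or "dir".
# The body is a subshell, so the caller's umask is left unchanged.
created_mode() (
    tmp=$(mktemp -d) || exit 1
    umask "$1"
    if [ "$2" = dir ]; then
        mkdir "$tmp/new"
    else
        : > "$tmp/new"
    fi
    mode=$(mode_of "$tmp/new")
    rm -rf "$tmp"
    printf '%s\n' "$mode"
)

# report: one line per umask value from the table, plus the constructed
# value 033, where decimal subtraction (666 - 033 = 633) is misleading
# because no execute bit was present to remove.
report() {
    for mask in 022 026 027 077 033; do
        printf 'umask %s  file %s (predicted %s)  dir %s (predicted %s)\n' \
            "$mask" \
            "$(created_mode "$mask" file)" "$(predicted_mode 666 "$mask")" \
            "$(created_mode "$mask" dir)"  "$(predicted_mode 777 "$mask")"
    done
}

report
```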