When you create a file, you don’t have to decide permissions up front. Permissions have defaults.

Those defaults can be controlled and modified using the umask command.

Typing umask with no arguments will show you the current umask, in this case 0022:

What does 0022 mean? That’s an octal value that represent the permissions.

Another common value is 0002.

Use umask -S to see a human-readable notation:

In this case, the user (u), owner of the file, has read, write and execution permissions on files.

Other users belonging to the same group (g) have read and execution permission, same as all the other users (o).

In the numeric notation, we typically change the last 3 digits.

Here’s a list that gives a meaning to the number:

  • 0 read, write, execute
  • 1 read and write
  • 2 read and execute
  • 3 read only
  • 4 write and execute
  • 5 write only
  • 6 execute only
  • 7 no permissions

Note that this numeric notation differs from the one we use in chmod.

We can set a new value for the mask setting the value in numeric format:

umask 002

or you can change a specific role’s permission:

umask g+r

The umask command works on Linux, macOS, WSL, and anywhere you have a UNIX environment