andy@syma.sussex.ac.uk (Andy Clews) (09/04/90)
I would like to thank the following people who (so far) have taken the
trouble to email me with helpful suggestions regarding how to explain the
workings of umask (the old-fashioned one):

Eirik Fuller, Dwight Ernest, Don Libes, Doug Gwyn, Stephen Walick,
Steve Friedl, Art Neilson, Gordon Burditt and "anarchy" (real name unknown!).

I thought Art Neilson's was one of the better contributions, so I hope he
doesn't mind being quoted here. I have no idea whether the words are his own
or taken from another source (he didn't say).

-----
From: Art Neilson <art@pilikia.pegasus.com>

UMASK - User Mask command

The "umask" (user mask) command sets default file creation permissions
for your session, and is usually placed in your .profile Bourne shell
startup script or your .login C-shell startup script. The example below
will be used throughout this explanation on the use of the umask.

        0       2       2
        |       |       |
      owner   group   public

The three numbers above control the default permissions given to files
you create. Permissions in Unix are divided into 3 groups, permissions
for the owner, permissions for the group and permissions for the general
public. All users on a system fall into the "public" category, users
working on a project together often will belong to the same "group",
ask your system administrator what "group" you belong to. The last
category "owner" refers to the owner of the file, this is you if you
create the file. The table below shows the relation of the numbers
above to the category they are in.

        0 = no permissions
        1 = execute/search permission
        2 = write permission
        4 = read permission

By using this table, we can see that in the example umask 022 above,
the permissions are:

        0       2       2
        |       |       |
      owner   group   public
      none    write   write

The confusing part of this is that having a particular permission turned
on means that files created will *not* have that particular permission,
it is "masked out".
Referring to the above example, we can see that by default, files created
by a user will *have* the following permissions:

        0       2       2
        |       |       |
      owner   group   public
       all    read    read
             execute execute

Of course the execute will be on only if the file is an executable, i.e.
a binary program or a shell script. To reiterate, the umask controls what
permissions will *not* be given by default when you create files. 022 is
a very common umask for users to have, another common example is 002

        0  owner has all permissions
        0  group has all permissions
        2  public only has read/execute permission
           (write permission is masked out)

The number 2 is most often used because it controls write permission.
By specifying 2 in a category you are disabling default write permission
for that category when you create files. If you have further questions
on this topic, please contact your system administrator.
-----
-- 
Andy Clews, Computing Service, Univ. of Sussex, Brighton BN1 9QN, England
JANET: andy@syma.sussex.ac.uk   BITNET: andy%syma.sussex.ac.uk@uk.ac
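
Added example (not part of the original post or of Art Neilson's text): a
shell script that computes "requested mode AND NOT umask" and then checks it
against a file and a directory actually created under that umask. The function
names are made up for illustration, and 077 is an extra owner-only mask that
the post does not discuss.

```sh
#!/bin/sh
# Added illustration; function names are hypothetical, not from the post.

# mode_after_umask REQUESTED UMASK
# Prints the octal mode actually granted: requested AND NOT umask.
mode_after_umask() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# created_perms UMASK file|dir
# Creates a scratch file or directory under the given umask (in a subshell,
# so the caller's umask is untouched) and prints its permission string.
created_perms() {
    (
        tmp=$(mktemp -d) || exit 1
        trap 'rm -rf "$tmp"' EXIT
        umask "$1"
        if [ "$2" = dir ]; then mkdir "$tmp/x"; else : > "$tmp/x"; fi
        ls -ld "$tmp/x" | cut -c1-10
    )
}

# Shell redirection asks for 666 on a new file; mkdir asks for 777.
# 022 and 002 are the post's examples; 077 is an added, owner-only case.
for mask in 022 002 077; do
    printf 'umask %s  file: %s (%s)  dir: %s (%s)\n' "$mask" \
        "$(mode_after_umask 666 "$mask")" "$(created_perms "$mask" file)" \
        "$(mode_after_umask 777 "$mask")" "$(created_perms "$mask" dir)"
done
```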