-->

Default file permissions Linux

You may be wondering about where these file permissions come from. The answer is umask. The umask command sets the default permissions for any file or directory you create:

$ touch newfile
$ ls -al newfile
-rw-r—r— 1 rich rich 0 Sep 20 19:16 newfile
$

The touch command created the file using the default permissions assigned to my user account. The umask command shows and sets the default permissions:

$ umask
0022
$

Unfortunately, the umask command setting isn’t overtly clear, and trying to understand exactly how it works makes things even muddier. The first digit represents a special security feature called the sticky bit. We’ll talk more about that later on in this chapter in the “Sharing Files” section.

Default file permissions Linux
Default file permissions Linux

The next three digits represent the octal values of the umask for a file or directory. To understand how umask works, you first need to understand octal mode security settings.

Octal mode security settings take the three rwx permission values and convert them into a 3-bit binary value, represented by a single octal value. In the binary representation, each position is a binary bit. Thus, if the read permission is the only permission set, the value becomes r-, relating to a binary value of 100, indicating the octal value of 4. Table shows the possible combinations you’ll run into.


Linux File Permission Codes
Linux File Permission Codes


Octal mode takes the octal permissions and lists three of them in order for the three security levels (user, group, and everyone). Thus, the octal mode value 664 represents read and write permissions for the user and group, but read-only permission for everyone else.

Now that you know about octal mode permissions, the umask value becomes even more confusing. The octal mode shown for the default umask on my Linux system is 0022, but the file I created had an octal mode permission of 644. How did that happen?

The umask value is just that, a mask. It masks out the permissions you don’t want to give to the security level. Now we have to dive into some octal arithmetic to figure out the rest of the story.

The umask value is subtracted from the full permission set for an object. The full permission for a file is mode 666 (read/write permission for all), but for a directory it’s 777 (read/write/execute permission for all).

Thus, in the example, the file starts out with permissions 666, and the umask of 022 is applied, leaving a file permission of 644.

The umask value is normally set in the /etc/profile startup file in most Linux distributions, but some prefer to set it in the /etc/login.defs file (such as in Ubuntu). You can specify a different default umask setting using the umask command:

$ umask 026
$ touch newfile2
$ ls -l newfile2
-rw-r–— 1 rich rich 0 Sep 20 19:46 newfile2
$

By setting the umask value to 026, the default file permissions become 640, so the new file now is restricted to read-only for the group members, and everyone else on the system has no permissions to the file.

The umask value also applies to making new directories:
$ mkdir newdir
$ ls -l
drwxr-x—x 2 rich rich 4096 Sep 20 20:11 newdir/
$

Because the default permissions for a directory are 777, the resulting permissions from the umask are different from those of a new file. The 026 umask value is subtracted from 777, leaving the 751 directory permission setting.

0 Response to "Default file permissions Linux"

Post a Comment

Iklan Atas Artikel

Iklan Tengah Artikel 1

Iklan Tengah Artikel 2

Iklan Bawah Artikel