In linux, the default permissions for any newly created folder is 777 (rwxrwxrwx), and for any newly created file it is 666 (rw-rw-rw-).However when you actually come to create a file or folder, you’ll find that in practice that is not really the case:
$ touch testfile.txt $ mkdir testfolder $ ls -l testfile.txt -rw-rw-r--. 1 vagrant vagrant 0 Jul 25 14:31 testfile.txt # here it is 664 $ ls-l | grep testfolder drwxrwxr-x. 2 vagrant vagrant 6 Jul 25 14:31 testfolder # here it is 775
The reason for this descrepency is that the default permissions are restricted (i.e. masked) by something called a umask value, which you can view by running the the umask command:
$ umask 0002
This essentially works by being subtracted from the defaults, i.e. 666-002=664 and 777-002=775. Hence the umask value effectively adjusts the default values to arrive at new default values that are more restrictive. We can update the user mask value like this:
$ umask 0022 $ umask 0022 $ touch testfile1.txt $ mkdir testfolder1 $ ls -l testfile1.txt -rw-r--r--. 1 vagrant vagrant 0 Jul 25 14:53 testfile1.txt # now it is 644 $ ls -l | grep testfolder1 drwxr-xr-x. 2 vagrant vagrant 6 Jul 25 14:53 testfolder1 # now it is 755
Also the default umask value is different for a privileged user (e.g. root user) than it is for an ordinary user:
[root@puppetmaster ~]# umask 0022 [root@puppetmaster ~]# su - vagrant Last login: Sat Jul 25 14:57:15 BST 2015 on pts/0 [vagrant@puppetmaster ~]$ umask 0002
These default umask values are specified in the /etc/profile file:
$ cat /etc/profile
# /etc/profile
# System wide environment and startup programs, for login setup
# Functions and aliases go in /etc/bashrc
# It's NOT a good idea to change this file unless you know what you
# are doing. It's much better to create a custom.sh shell script in
# /etc/profile.d/ to make custom changes to your environment, as this
# will prevent the need for merging in future updates.
pathmunge () {
case ":${PATH}:" in
*:"$1":*)
;;
*)
if [ "$2" = "after" ] ; then
PATH=$PATH:$1
else
PATH=$1:$PATH
fi
esac
}
if [ -x /usr/bin/id ]; then
if [ -z "$EUID" ]; then
# ksh workaround
EUID=`id -u`
UID=`id -ru`
fi
USER="`id -un`"
LOGNAME=$USER
MAIL="/var/spool/mail/$USER"
fi
# Path manipulation
if [ "$EUID" = "0" ]; then
pathmunge /usr/sbin
pathmunge /usr/local/sbin
else
pathmunge /usr/local/sbin after
pathmunge /usr/sbin after
fi
HOSTNAME=`/usr/bin/hostname 2>/dev/null`
HISTSIZE=1000
if [ "$HISTCONTROL" = "ignorespace" ] ; then
export HISTCONTROL=ignoreboth
else
export HISTCONTROL=ignoredups
fi
export PATH USER LOGNAME MAIL HOSTNAME HISTSIZE HISTCONTROL
# By default, we want umask to get set. This sets it for login shell
# Current threshold for system reserved uid/gids is 200
# You could check uidgid reservation validity in
# /usr/share/doc/setup-*/uidgid file
if [ $UID -gt 199 ] && [ "`id -gn`" = "`id -un`" ]; then
umask 002
else
umask 022
fi
for i in /etc/profile.d/*.sh ; do
if [ -r "$i" ]; then
if [ "${-#*i}" != "$-" ]; then
. "$i"
else
. "$i" >/dev/null
fi
fi
done
unset i
unset -f pathmunge
Note: id -gn outputs the group name, and id -un outputs the username. For non-root privileged user, their primary group tends to be the “wheel” group.
However changing the umask value using the umask command isn’t persistant, i.e. it reverts back to the original value when you close your terminal and reopen it again, that’s because the /etc/profile script reset’s the umask value.
Hence to make it persistant you simply have to insert your umask command into:
$ vim ~/.bashrc
Note: the above works for both the login and interactive shells. The above makes it persistant for a given user. If however you want to make it persistant machine wide, then you need to edit both the /etc/bashrc and /etc/profile files. Both of these files contains the same if-else statement, as highlighted above.