In linux, the default permissions for any newly created folder is 777 (rwxrwxrwx), and for any newly created file it is 666 (rw-rw-rw-).However when you actually come to create a file or folder, you’ll find that in practice that is not really the case:
Announcement
You can find all my latest posts on medium.$ touch testfile.txt $ mkdir testfolder $ ls -l testfile.txt -rw-rw-r--. 1 vagrant vagrant 0 Jul 25 14:31 testfile.txt # here it is 664 $ ls-l | grep testfolder drwxrwxr-x. 2 vagrant vagrant 6 Jul 25 14:31 testfolder # here it is 775
The reason for this descrepency is that the default permissions are restricted (i.e. masked) by something called a umask value, which you can view by running the the umask command:
$ umask 0002
This essentially works by being subtracted from the defaults, i.e. 666-002=664 and 777-002=775. Hence the umask value effectively adjusts the default values to arrive at new default values that are more restrictive. We can update the user mask value like this:
$ umask 0022 $ umask 0022 $ touch testfile1.txt $ mkdir testfolder1 $ ls -l testfile1.txt -rw-r--r--. 1 vagrant vagrant 0 Jul 25 14:53 testfile1.txt # now it is 644 $ ls -l | grep testfolder1 drwxr-xr-x. 2 vagrant vagrant 6 Jul 25 14:53 testfolder1 # now it is 755
Also the default umask value is different for a privileged user (e.g. root user) than it is for an ordinary user:
[root@puppetmaster ~]# umask 0022 [root@puppetmaster ~]# su - vagrant Last login: Sat Jul 25 14:57:15 BST 2015 on pts/0 [vagrant@puppetmaster ~]$ umask 0002
These default umask values are specified in the /etc/profile
file:
$ cat /etc/profile # /etc/profile # System wide environment and startup programs, for login setup # Functions and aliases go in /etc/bashrc # It's NOT a good idea to change this file unless you know what you # are doing. It's much better to create a custom.sh shell script in # /etc/profile.d/ to make custom changes to your environment, as this # will prevent the need for merging in future updates. pathmunge () { case ":${PATH}:" in *:"$1":*) ;; *) if [ "$2" = "after" ] ; then PATH=$PATH:$1 else PATH=$1:$PATH fi esac } if [ -x /usr/bin/id ]; then if [ -z "$EUID" ]; then # ksh workaround EUID=`id -u` UID=`id -ru` fi USER="`id -un`" LOGNAME=$USER MAIL="/var/spool/mail/$USER" fi # Path manipulation if [ "$EUID" = "0" ]; then pathmunge /usr/sbin pathmunge /usr/local/sbin else pathmunge /usr/local/sbin after pathmunge /usr/sbin after fi HOSTNAME=`/usr/bin/hostname 2>/dev/null` HISTSIZE=1000 if [ "$HISTCONTROL" = "ignorespace" ] ; then export HISTCONTROL=ignoreboth else export HISTCONTROL=ignoredups fi export PATH USER LOGNAME MAIL HOSTNAME HISTSIZE HISTCONTROL # By default, we want umask to get set. This sets it for login shell # Current threshold for system reserved uid/gids is 200 # You could check uidgid reservation validity in # /usr/share/doc/setup-*/uidgid file if [ $UID -gt 199 ] && [ "`id -gn`" = "`id -un`" ]; then umask 002 else umask 022 fi for i in /etc/profile.d/*.sh ; do if [ -r "$i" ]; then if [ "${-#*i}" != "$-" ]; then . "$i" else . "$i" >/dev/null fi fi done unset i unset -f pathmunge
Note: id -gn
outputs the group name, and id -un
outputs the username. For non-root privileged user, their primary group tends to be the “wheel” group.
However changing the umask value using the umask command isn’t persistant, i.e. it reverts back to the original value when you close your terminal and reopen it again, that’s because the /etc/profile
script reset’s the umask value.
Hence to make it persistant you simply have to insert your umask command into:
$ vim ~/.bashrc
Note: the above works for both the login and interactive shells. The above makes it persistant for a given user. If however you want to make it persistant machine wide, then you need to edit both the /etc/bashrc
and /etc/profile
files. Both of these files contains the same if-else statement, as highlighted above.