Default Permissions for Users, Directories and Files on Linux: Examples

Last updated:
Table of Contents

HEADS-UP umask is a soft permission scheme - don't rely on it for security purposes.

See the current default permissions for a user

Umask codes are an inversion of the permission they create! A 7 in a umask results in a 0 in the created permission!

To see what your current umask setting is, just type umask with no parameters:

$ umask

Or use -S to see symbolic codes:

$ umask -S

Set default permission for a user

Note that even when you do not deny the x (execution) permission using umask, the x bit does not get set. This is for security reasons.

All files/directories created by the user will have the given permissions.

Use umask followed by the mask representing what you want to deny.

Command Filters Description Created directories will
have this permission
Created files will
have this permission
$ umask 000 --------- Deny nobody anything. drwxrwxrwx rw-rw-rw-
$ umask 006 ------rw- Deny rw to others, but allow
everyone to list directories
drwxrwx--x rw-rw----
$ umask 007 ------rwx Deny rwx to others drwxrwx--- rw-rw----
$ umask 077 ---rwxrwx Deny rwx to others and to the
group. Only you can access
drwx------ rw-------
$ umask 777 ---rwxrwx Deny rwx to everyone
(including the owner)
d--------- ---------

See the current default permissions for a directory

If your filesystem does not support ACLs, you may need to remount it with ACL enabled

To do this, you need to use Access Control Lists (ACL).

On Ubuntu and similar systems, you can use getfacl:

$ getfacl dummy_dir/
# file: dummy_dir/
# owner: felipe
# group: felipe

Set default permission for files in a directory

All files/directories created in this directory will have the given permissions.

Example: force all files created in directory dummy_dir/ (recursively) to have permissions rwxrwx--- (770) no matter what the current umask of the user creating it:

$ setfacl -dm u::rwx,g::rwx,o::--- dummy_dir/

Full example Set the umask to 000 (no filters)

$ umask 000
$ touch foo
$ ls -lha
$-rw-rw-rw- 1 felipe felipe    0 Jun 24 02:21 foo

Now create a directory and set the ACL for rwxrwx--- (770):

$ mkdir dummy_dir
$ setfacl -dm u::rwx,g::rwx,o::--- dummy_dir/
$ touch dummy_dir/bar
$ ls -lha dummy_dir/
$-rw-rw----  1 felipe felipe    0 Jun 24 02:21 bar


Dialogue & Discussion