Default Permissions for Users, Directories and Files on Linux: Examples
Last updated:- See current default permissions for user
- Set default permission for user
- See current default permissions for a directory
- Set default permission for files in directory
HEADS-UP
umaskis a soft permission scheme - don't rely on it for security purposes.
See current default permissions for user
Umask codes are an inversion of the permission they create! A 7 in a umask results in a 0 in the created permission!
To see what your current umask setting is, just type umask with no parameters:
$ umask
0002
Or use -S to see symbolic codes:
$ umask -S
u=rwx,g=rwx,o=rx
Set default permission for user
Note that even when you do not deny the
x(execution) permission using umask, thexbit does not get set. This is for security reasons.
All files/directories created by the user will have the given permissions.
Use umask followed by the mask representing what you want to deny.
| Command | Filters | Description | Created directories will have this permission |
Created files will have this permission |
|---|---|---|---|---|
$ umask 000 |
--------- | Deny nobody anything. | drwxrwxrwx | rw-rw-rw- |
$ umask 006 |
------rw- | Deny rw to others, but allow everyone to list directories |
drwxrwx--x | rw-rw---- |
$ umask 007 |
------rwx | Deny rwx to others | drwxrwx--- | rw-rw---- |
$ umask 077 |
---rwxrwx | Deny rwx to others and to the group. Only you can access |
drwx------ | rw------- |
$ umask 777 |
rwxrwxrwx | Deny rwx to everyone (including the owner) |
d--------- | --------- |
See current default permissions for a directory
If your filesystem does not support ACLs, you may need to remount it with ACL enabled
To do this, you need to use Access Control Lists (ACL).
On Ubuntu and similar systems, you can use getfacl:
$ getfacl dummy_dir/
# file: dummy_dir/
# owner: felipe
# group: felipe
user::rwx
group::rwx
other::--x
Set default permission for files in directory
All files/directories created in this directory will have the given permissions.
Example: force all files created in directory dummy_dir/ (recursively) to have permissions rwxrwx--- (770) no matter what the current umask of the user creating it:
$ setfacl -dm u::rwx,g::rwx,o::--- dummy_dir/
Full example Set the umask to 000 (no filters)
$ umask 000
$ touch foo
$ ls -lha
$-rw-rw-rw- 1 felipe felipe 0 Jun 24 02:21 foo
Now create a directory and set the ACL for rwxrwx--- (770):
$ mkdir dummy_dir
$ setfacl -dm u::rwx,g::rwx,o::--- dummy_dir/
$ touch dummy_dir/bar
$ ls -lha dummy_dir/
$-rw-rw---- 1 felipe felipe 0 Jun 24 02:21 bar