- Default Permissions for Users, Directories and Files on Linux: Examples
- See current default permissions for user
- Set default permission for user
- See current default permissions for a directory
- Set default permission for files in directory
- References
- How to set default file permissions for all folders/files in a directory?
- What are the default permissions of directories in home (Desktop, Downloads, etc.)
- Setting default permissions for newly created files and sub-directories under a directory in Linux?
- What is Umask and How to Use It
- Umask Overview
- How Does Umask Work?
- The umask Command Syntax
- Symbolic and Numeric umask Values
- How to Calculate Umask Values
- How to Set and Update the Default Umask Value
- Setting Up a Symbolic Umask Value
- Setting Up a Numeric Umask Value
- Difference Between umask and chmod
Default Permissions for Users, Directories and Files on Linux: Examples
HEADS-UP umask is a soft permission scheme — don’t rely on it for security purposes.
See current default permissions for user
Umask codes are an inversion of the permission they create! A 7 in a umask results in a 0 in the created permission!
To see what your current umask setting is, just type umask with no parameters:
Or use -S to see symbolic codes:
Set default permission for user
Note that even when you do not deny the x (execution) permission using umask, the x bit does not get set on newly created files. This is for security reasons.
All files/directories created by the user will have the given permissions.
Use umask followed by the mask representing what you want to deny.
Command | Filters | Description | Created directories will have this permission | Created files will have this permission |
---|---|---|---|---|
$ umask 000 | --------- | Deny nobody anything. | drwxrwxrwx | rw-rw-rw- |
$ umask 006 | ------rw- | Deny rw to others, but allow everyone to list directories | drwxrwx--x | rw-rw---- |
$ umask 007 | ------rwx | Deny rwx to others | drwxrwx--- | rw-rw---- |
$ umask 077 | ---rwxrwx | Deny rwx to others and to the group. Only you can access | drwx------ | rw------- |
$ umask 777 | rwxrwxrwx | Deny rwx to everyone (including the owner) | d--------- | --------- |
See current default permissions for a directory
If your filesystem does not support ACLs, you may need to remount it with ACL enabled
To do this, you need to use Access Control Lists (ACL).
On Ubuntu and similar systems, you can use getfacl:

```
$ getfacl dummy_dir/
# file: dummy_dir/
# owner: felipe
# group: felipe
user::rwx
group::rwx
other::--x
```
Set default permission for files in directory
All files/directories created in this directory will have the given permissions.
Example: force all files created in directory dummy_dir/ (recursively) to have permissions rwxrwx--- (770) no matter what the current umask of the user creating it:
$ setfacl -dm u::rwx,g::rwx,o::--- dummy_dir/
Full example

Set the umask to 000 (no filters):

```
$ umask 000
$ touch foo
$ ls -lha
-rw-rw-rw- 1 felipe felipe 0 Jun 24 02:21 foo
```

Now create a directory and set the ACL for rwxrwx--- (770):

```
$ mkdir dummy_dir
$ setfacl -dm u::rwx,g::rwx,o::--- dummy_dir/
$ touch dummy_dir/bar
$ ls -lha dummy_dir/
-rw-rw---- 1 felipe felipe 0 Jun 24 02:21 bar
```
References
How to set default file permissions for all folders/files in a directory?
I want to set a folder such that anything created within it (directories, files) inherits default permissions and group. Let's call the group «media». And also, the folders/files created within the directory should have g+rw automatically.
umask does relate to permissions but I do not believe it does anything with setting a default group that is not the user him/herself.
5 Answers

```
setfacl -d -m g::rwx /
setfacl -d -m o::rx /
```

```
# file: ..//
# owner:
# group: media
# flags: -s-
user::rwx
group::rwx
other::r-x
default:user::rwx
default:group::rwx
default:other::r-x
```
g+s will ensure that new content in the directory will inherit the group ownership. setfacl only changes the chmod, in your case sets the permission to o=rx
Note that ACL must be enabled (included as one of the mount options for the mounted file system) for the file permissions to be inherited.
You might want to consider using ‘X’ instead so it will only set execute permission on directories not files: setfacl -d -m g::rwX /
This is an addition to Chris’ answer, it’s based on my experience on my Arch Linux rig.
Using the default switch ( -d ) and the modify switch ( -m ) will only modify the default permissions but leave the existing ones intact:
If you want to change folder’s entire permission structure including the existing ones (you’ll have to do an extra line and make it recursive with -R ):
```
# Gives group read,write,exec permissions for currently existing files and
# folders, recursively.
setfacl -R -m g::rwx /home/limited.users/directory

# Revokes read and write permission for everyone else in existing folder and
# subfolders.
setfacl -R -m o::x /home/limited.users/directory

# Gives group rwx permissions by default, recursively.
setfacl -R -d -m g::rwx /home/limited.users/directory

# Revokes read, write and execute permissions for everyone else.
setfacl -R -d -m o::--- /home/limited.users/directory
```
(CREDIT to markdwite in comments for the syntax of the revoke all privileges line)
What are the default permissions of directories in home (Desktop, Downloads, etc.)
I accidentally ran chmod 777 * in my home folder and it changed all the directory permissions (but not for the files). How can I undo this?
This discusses one specific error, but also has the suggested defaults. help.ubuntu.com/community/dmrcErrors But often better just to use sudo chmod -R a+rwX,o-w /home/$USER
3 Answers
sudo chmod -R a+rwX,o-w /home/$USER
All directories will be 775. All files will be 664 except those that were set as executable to begin with. $USER is your name which normally is a system variable.
This discusses one specific error, but also has the suggested defaults.
Ubuntu Home directories were created with 755 permissions but will be dropped to 750 with 21.04, now to prevent new home directories from being readable by other users on the system.
sudo chmod -R a+rwX,o-rw /home/$USER
Example showing one file, default in 20.04, change to similar to 21.04 & change back:
```
fred@z170-focal-k:~$ touch temp.txt
fred@z170-focal-k:~$ ll *.txt
-rw-rw-r-- 1 fred fred 0 May 19 09:11 temp.txt
fred@z170-focal-k:~$ sudo chmod a+rwX,o-rw /home/$USER/temp.txt
[sudo] password for fred:
fred@z170-focal-k:~$ ll *.txt
-rw-rw---- 1 fred fred 0 May 19 09:11 temp.txt
fred@z170-focal-k:~$ sudo chmod a+rwX,o-w /home/$USER/temp.txt
fred@z170-focal-k:~$ ll *.txt
-rw-rw-r-- 1 fred fred 0 May 19 09:11 temp.txt
```
sudo chmod -R a+rwX,o-rw /home/$USER
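A way to check what `a+rwX,o-w` does before running it on a real home directory, as an added example that is not part of the original answers: it rebuilds the accident on a constructed temporary tree, applies the same mode string without sudo, and counts what is still world-writable. The tree layout and function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: replay the accident and the repair on a constructed tree.
# Paths and function names are illustrative; GNU stat and find are assumed.

# build_tree: make a small stand-in for a home directory and print its path.
build_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/Desktop" "$root/Downloads/sub"
    : > "$root/notes.txt"
    printf '#!/bin/sh\n' > "$root/Downloads/run.sh"
    chmod 600 "$root/notes.txt"           # a deliberately private file
    chmod 700 "$root/Downloads/run.sh"    # already executable
    chmod 755 "$root/Downloads/sub"
    chmod 777 "$root/Desktop" "$root/Downloads"   # the accident from the question
    echo "$root"
}

# repair ROOT: the mode string from the answer, applied to our own files.
repair() {
    chmod -R a+rwX,o-w "$1"
}

# mode_of PATH: octal permission bits as recorded by the filesystem.
mode_of() {
    stat -c %a "$1"
}

# world_writable ROOT: number of entries still writable by "other".
world_writable() {
    find "$1" ! -type l -perm -0002 | wc -l | tr -d ' '
}

t=$(build_tree)
echo "world-writable before repair: $(world_writable "$t")"
repair "$t"
echo "world-writable after repair:  $(world_writable "$t")"
for p in Desktop Downloads/sub notes.txt Downloads/run.sh; do
    echo "$(mode_of "$t/$p") $p"
done
rm -rf "$t"
```

notes.txt goes from 600 to 664 here: the reset also widens files that were deliberately private, so material such as SSH private keys has to be tightened again afterwards.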
Setting default permissions for newly created files and sub-directories under a directory in Linux?
I have a bunch of long-running scripts and applications that are storing output results in a directory shared amongst a few users. I would like a way to make sure that every file and directory created under this shared directory automatically had u=rwxg=rwxo=r permissions. I know that I could use umask 006 at the head of my various scripts, but I don’t like that approach as many users write their own scripts and may forget to set the umask themselves. I really just want the filesystem to set newly created files and directories with a certain permission if it is in a certain folder. Is this at all possible?

Update: I think it can be done with POSIX ACLs, using the Default ACL functionality, but it’s all a bit over my head at the moment. If anybody can explain how to use Default ACLs it would probably answer this question nicely.
POSIX ACLs are nice, however a good 60% of the machines that you encounter won’t have them turned on for certain file systems, depending on the distribution. Here is a very good introduction and example: suse.de/~agruen/acl/linux-acls/online
You mean the same document I linked 🙂 I haven’t had a chance to read it yet but thanks for the heads-up on the availability problem.
The link in Tim Post’s comment appears to be dead, but thanks to the Internet Archive, I could view it, and verify that vanemery.com/Linux/ACL/POSIX_ACL_on_Linux.html contains the exact same document. I’ll edit the question to update the link.
What is Umask and How to Use It
When creating a new file or directory, Linux applies the default set of permissions. The umask command lets you change these default permissions.
In this tutorial, you will learn what umask is, how it works, and how to use it to set up file and directory permissions for individual users or groups.
- Linux-based system (e.g., Ubuntu, CentOS, Debian)
- A user account with sudo privileges
- Access to the command terminal
Umask Overview
The term umask refers to two things:
1. The Linux umask command. umask (user file-creation mode) is a Linux command that lets you set up default permissions for newly created files and folders.
2. A user-defined permissions ‘mask’. A user can choose how to restrict permissions by using a permissions mask. A permission mask interacts with the default system permissions and changes them. The umask command is used to apply this mask.
How Does Umask Work?
The umask command works by affecting the default Linux file and folder permissions.
There are three categories of permissions for every file and folder in Linux:
- User: Defines permissions for each individual user. By default, the user who creates a file or folder is set as the owner.
- Group: Defines permissions for a group of users that share the same level of access.
- Other: Defines permissions for anyone not included in the two previous categories.
Use the following command to review permissions for the home folder:
Each line of the output starts with a 10-character string detailing permissions. Breaking down the highlighted entry, this string consists of the following elements:
- d : Indicates the file type (directory).
- rwx : Indicates user permissions (read, write, and execute).
- r-x : Indicates group permissions (read and execute).
- r-x : Indicates other permissions (read and execute).
The umask Command Syntax
Using the umask command without additional command options returns the current mask as the output:
The umask command uses the following syntax:
- [mask] : The new permissions mask you are applying. By default, the mask is presented as a numeric (octal) value.
- [-S] : Displays the current mask as a symbolic value.
- [-p] : Displays the current mask along with the umask command, allowing it to be copied and pasted as a future input.
Symbolic and Numeric umask Values
As we mentioned in the example above, umask can be displayed as a numeric (octal) or symbolic value.
A mask can have the following numeric, and the corresponding symbolic, values:
Numeric | Symbolic | Permission |
---|---|---|
0 | --- | No permission |
1 | --x | Execute |
2 | -w- | Write |
3 | -wx | Write and execute |
4 | r-- | Read |
5 | r-x | Read and execute |
6 | rw- | Read and write |
7 | rwx | Read, write, and execute |
How to Calculate Umask Values
Linux uses the following default mask and permission values:
- The system default permission values are 777 ( rwxrwxrwx ) for folders and 666 ( rw-rw-rw- ) for files.
- The default mask for a non-root user is 002, changing the folder permissions to 775 ( rwxrwxr-x ), and file permissions to 664 ( rw-rw-r-- ).
- The default mask for a root user is 022, changing the folder permissions to 755 ( rwxr-xr-x ), and file permissions to 644 ( rw-r--r-- ).
This shows us that the final permission value is the result of subtracting the umask value from the default permission value (777 or 666).
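The calculation stated above, as an added shell example (not from the original tutorial): the system clears the mask's bits from the requested mode (mode AND NOT umask), which agrees with subtraction for the masks listed here but not for every mask, for example 033 applied to a file. The function names and the temporary directory are assumptions of this example.

```shell
#!/bin/sh
# Added example: requested mode, umask, and the mode that lands on disk.
# Function names are illustrative; GNU stat is assumed for "stat -c".

# effective_mode BASE MASK: clear MASK's bits from BASE (BASE AND NOT MASK).
effective_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# naive_subtract BASE MASK: the decimal "BASE minus MASK" rule of thumb.
naive_subtract() {
    awk -v b="$1" -v m="$2" 'BEGIN { printf "%03d\n", b - m }'
}

# observed_modes MASK: create a file and a directory under MASK and print
# "<file mode> <dir mode>" as the filesystem recorded them.
observed_modes() {
    tmp=$(mktemp -d) || return 1
    (
        umask "$1"           # subshell: the caller's umask is untouched
        : > "$tmp/file"      # the shell requests 0666 for a new file
        mkdir "$tmp/dir"     # mkdir requests 0777 for a new directory
    )
    echo "$(stat -c %a "$tmp/file") $(stat -c %a "$tmp/dir")"
    rm -rf "$tmp"
}

for mask in 002 022 077 033; do
    echo "umask $mask: computed $(effective_mode 666 "$mask") $(effective_mode 777 "$mask")," \
         "observed $(observed_modes "$mask")," \
         "subtraction says $(naive_subtract 666 "$mask") for files"
done
```

For umask 033 the file comes out as 644, not the 633 that subtraction predicts, because a new file never requested the execute bit that the mask tries to remove.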
For example, if you want to change the folder permission value from 777 (read, write, and execute for all) to 444 (read for all), you need to apply a umask value of 333, since 777 - 333 = 444.
How to Set and Update the Default Umask Value
Use the following syntax to apply a new umask value:
Setting Up a Symbolic Umask Value
Set a new umask value by using symbolic values with the following syntax:
- u : Indicates user permissions.
- g : Indicates group permissions.
- o : Indicates other permissions.
- # : The symbolic permission value you want to apply, as detailed in the table above.
Note: Never put a space after commas when setting up a symbolic mask value.
There are also other operators you can use:
- = : Creates specified file permissions and prohibits unspecified permissions.
- + : Creates specified permissions, but does not change unspecified permissions.
- - : Prohibits specified permissions, but does not change unspecified permissions.
Setting Up a Numeric Umask Value
Once you calculate the required umask numeric value, set it up by using:
Difference Between umask and chmod
The chmod command in Linux works in a similar way to the umask command. It too is used to define permissions for files and folders.
The difference between umask and chmod is that umask changes the default permissions and thus the permissions for all newly created files and folders, while chmod sets permissions for files and folders that already exist.
After following this tutorial, you should be able to review and change umask using symbolic or numeric values.