How to Change Default umask Values Permanently in Linux (RedHat/CentOS 7/8)

In this article, I will take you through the different ways in which the default umask value can be permanently changed in Linux. umask is an important setting on Linux-based systems because it decides the permissions that files and directories receive when they are created. Hence it is important to understand what umask is, how it actually works, and how to set the umask value properly on your system to avoid security vulnerabilities.

What is UMASK

UMASK, known as the User Mask, is responsible for deciding the permissions on files and directories that get created.

Default UMASK Values for Files and Directories

On most systems you will see a default umask value of 0022 for all files and directories.

How to Calculate Files and Directories Permissions Based on UMASK Value

As you might be aware, the base permission of a file is 0666 and the base permission of a directory is 0777. The final permissions of files and directories are calculated from these base values. If umask is set to 0022 on the system, newly created files and directories will have the permissions below.

For Files: 0666 – 0022 = 0644

For Directories: 0777 – 0022 = 0755

If umask is set to 0032, newly created files and directories will have the permissions below.

For Files: 0666 – 0032 = 0634

For Directories: 0777 – 0032 = 0745
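
The calculation above, checked against what the system actually does (an added example, not part of the original article). The kernel clears the mask bits from the base mode (base AND NOT umask) rather than subtracting; the two agree for 0022 and 0002, but for a file under 0032 or 0027 the mask's execute bit has nothing to clear, so the real results are 0644 and 0640. The function names are illustrative, and `stat -c` assumes GNU coreutils as shipped on RedHat/CentOS.

```shell
#!/bin/sh
# Added example (not from the article): how a umask is really applied.
# Assumption: GNU coreutils `stat -c`, as shipped on RedHat/CentOS.

# effective_mode BASE MASK: print BASE & ~MASK in octal (what actually gets set).
effective_mode() {
    printf '%o\n' $(( 0$1 & ~0$2 ))
}

# subtracted_mode BASE MASK: print BASE - MASK in octal (the common shortcut).
subtracted_mode() {
    printf '%o\n' $(( 0$1 - 0$2 ))
}

# observed_mode file|dir MASK: create the object in a scratch directory under
# MASK and print its mode. The body is a subshell, so the caller's umask is
# left untouched.
observed_mode() (
    scratch=$(mktemp -d) || exit 1
    umask "$2"
    if [ "$1" = dir ]; then mkdir "$scratch/t"; else : > "$scratch/t"; fi
    mode=$(stat -c '%a' "$scratch/t")
    rm -rf "$scratch"
    printf '%s\n' "$mode"
)

# Masks used in the article, plus the recommended 0027.
for mask in 0022 0002 0032 0027; do
    printf 'umask %s  file: subtract=%s mask=%s observed=%s' "$mask" \
        "$(subtracted_mode 0666 "$mask")" \
        "$(effective_mode 0666 "$mask")" \
        "$(observed_mode file "$mask")"
    printf '  dir: subtract=%s mask=%s observed=%s\n' \
        "$(subtracted_mode 0777 "$mask")" \
        "$(effective_mode 0777 "$mask")" \
        "$(observed_mode dir "$mask")"
done
```
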

What is the Recommended UMASK Value

To safeguard your system against files and directories being created with unnecessarily broad permissions, it is recommended to use a umask value of 0027.

NOTE:

Please note that I am using the centos user to run all the commands here. Hence every umask value I set here applies only to the centos user.

 


Change umask value on Linux

There are two different ways through which you can change umask values.

1) Temporary Change in umask Value

In this method, the umask change lasts only while the session is active. First, check the current umask value by running the umask command as shown below. Note that the umask value may differ from user to user, depending on what is currently set.

[centos@localhost ~]$ umask
0022

Check the currently logged-in user by running the id command.

[centos@localhost ~]$ id
uid=1000(centos) gid=1000(centos) groups=1000(centos) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

Now change the umask value to 0002 by running the umask 0002 command as shown below.

[centos@localhost ~]$ umask 0002

Check the umask value again to confirm that it has changed.

[centos@localhost ~]$ umask
0002

Let’s create a file and a directory to confirm that the umask value of 0002 is working. First we will create a file with the command touch file.txt.

[centos@localhost ~]$ touch file.txt
[centos@localhost ~]$ ls -lrt
total 0
-rw-rw-r--. 1 centos centos 0 Apr 26 20:42 file.txt

Now we will create a directory named test and check its permissions.

[centos@localhost ~]$ mkdir test
[centos@localhost ~]$ ls -ltrd test
drwxrwxr-x. 2 centos centos 6 Apr 26 20:43 test

2) Permanent Change in umask Value

With this method, the umask value persists even after you exit the current session or restart the system. First, check the current umask value.

[centos@localhost ~]$ umask
0022

Check the currently logged-in user by running the id command.

[centos@localhost ~]$ id
uid=1000(centos) gid=1000(centos) groups=1000(centos) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

Now set the umask value to 0002 in the ~/.bash_profile file as shown below.

[centos@localhost ~]$ vi ~/.bash_profile

umask 0002

Press Esc, then save and exit by typing :wq!

Then either restart your system or just log out and log in again so that the bash_profile file is read during login, and check the umask value again to confirm that it has changed.

[centos@localhost ~]$ umask
0002

Here too we will verify the permissions by creating a file and a directory to confirm that the umask value of 0002 has taken effect. First we will create a file with the command touch file.txt, just like above.

[centos@localhost ~]$ touch file.txt
[centos@localhost ~]$ ls -lrt
total 0
-rw-rw-r--. 1 centos centos 0 Apr 26 20:42 file.txt

The file above shows a permission of 664, which confirms umask is working correctly. Now we will create a test directory and check its permissions.

[centos@localhost ~]$ mkdir test
[centos@localhost ~]$ ls -ltrd test
drwxrwxr-x. 2 centos centos 6 Apr 26 20:43 test

The directory above shows a permission of 775, which confirms the umask value of 0002 is working correctly.

You can also change the umask value from .bashrc using the steps below. Add umask 0032 at the end of the ~/.bashrc file as shown below.

[centos@localhost ~]$ vi ~/.bashrc

umask 0032

As above, either log out and log in again or restart your system to apply the change permanently. Check the umask value again after logging in to the system.

[centos@localhost ~]$ umask
0032
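
A check that can be run over the startup files edited above, flagging any numeric umask line weaker than the recommended 0027 (an added example, not from the original article; the function names and the sample file contents are constructed for illustration). bash reads ~/.bash_profile for login shells and ~/.bashrc for interactive non-login shells, so both files are worth checking.

```shell
#!/bin/sh
# Added example (not from the article): flag umask lines in shell startup
# files that are weaker than the article's recommended 0027.

# umask_meets_baseline MASK [BASELINE]: succeed if MASK clears every
# permission bit that BASELINE (default 0027) clears.
umask_meets_baseline() {
    baseline=${2:-0027}
    [ $(( 0$1 & 0$baseline )) -eq $(( 0$baseline )) ]
}

# audit_umask_file FILE: print "FILE:LINE: umask MASK OK|WEAK" for each
# numeric umask line (symbolic forms such as u=rwx,g=rx,o= are not parsed).
audit_umask_file() {
    file=$1
    grep -nE '^[[:space:]]*umask[[:space:]]+[0-7]{3,4}[[:space:]]*(#.*)?$' "$file" |
    while IFS=: read -r lineno text; do
        mask=$(printf '%s\n' "$text" | awk '{print $2}')
        if umask_meets_baseline "$mask"; then verdict=OK; else verdict=WEAK; fi
        printf '%s:%s: umask %s %s\n' "$file" "$lineno" "$mask" "$verdict"
    done
}

# Constructed sample standing in for ~/.bash_profile or ~/.bashrc.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# .bashrc (constructed sample)
umask 0002
export PATH="$HOME/bin:$PATH"
  umask 0027   # group read, no access for others
umask 0032
EOF
audit_umask_file "$sample"
rm -f "$sample"

# Real use: audit_umask_file ~/.bash_profile; audit_umask_file ~/.bashrc
```
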

 
