The Linux Security Journey — “umask” (Set File Mode Creation Mask)

When creating a new file/directory the default file mode permissions (https://medium.com/@boutnaru/the-linux-security-journey-file-permissions-033cb3ce8547) are 666 (rw-rw-rw), however those permissions are masked/filtered by the umask (Set File Mode Creation Mask) value. Thus, if we have “umask=0022” the permissions of a newly created file is set to 644 (rw-r — r — ). In case of “umask=0077” the permissions of a newly created file is set to 600 (rw — — — ) and for “umask=0000” we get 666 (rw-rw-rw-) — as shown in the screenshot below.

Overall, “umaks” is a system call used for setting the file mode creation mask. This system call always succeeds and the previous value of the mask is returned. “umask” is used by in conjunction with syscalls like “open” (https://man7.org/linux/man-pages/man2/open.2.html) and “mkdir (https://man7.org/linux/man-pages/man2/mkdir.2.html).

Moreover, as opposed to the “chmod” (https://man7.org/linux/man-pages/man2/chmod.2.html) syscall which affects the permissions of a specific file/directory “umask” affects every file/directory created by the user. In most Linux distributions the “umask” value are configured in system wide configuration files like: “/etc/profile” or “/etc/bash.bashrc” (https://www.liquidweb.com/kb/what-is-umask-and-how-to-use-it-effectively/).

Lastly, based on the shell environment used, “umask” can be a dedicated binary or a built-in command of the shell. There are cases when the “umask” binary is used we can just read the value and not change it, because it will change it for a different process session. So, for altering the umask value in those cases the built-in shell command is need (https://docs.oracle.com/cd/E19455-01/806-0624/6j9vek5ja/index.html).

See you in my next writeup ;-) You can follow me on twitter — @boutnaru (https://twitter.com/boutnaru). Also, you can read my other writeups on medium — https://medium.com/@boutnaru. You can find my free eBooks at https://TheLearningJourneyEbooks.com.