Skip to main content
Unix & Linux

Return to Answer

added 202 characters in body
Source Link
ilkkachu
ilkkachu
  • 147.9k
  • 16
  • 268
  • 441

The umask cannot add permissions, it only servers to mask away some of the permission bits set by the process creating the file in question.

The umask is used by open(2), mkdir(2), and other system calls that create files to modify the permissions placed on newly created files or directories. Specifically, permissions in the umask are turned off from the mode argument to open(2) and mkdir(2).

(manual page umask(2))

touch creates files with permissions 0666, as most other applications do when not creating something explicitly known to be private, or something that should be executable (in which case they'd use 0600 or 0777 respectively). If the umask could be used to force adding permission bits, stuff like email clients and ssh-keygen would be in trouble: they'd have no way to create files that can only be accessed by the owner!

$ umask 027; rm xxx; strace -etrace=open touch xxx 2>&1 | grep xxx ;  ls -l xxx
open("xxx", O_WRONLY|O_CREAT|O_NOCTTY|O_NONBLOCK, 0666) = 3
-rw-r----- 1 itvirta itvirta 0 Jun  3 20:40 xxx

If we arrange for the file to be created with wider permissions, we see the execute bits too:

$ umask 027; rm yyy; 
$ perl -MFcntl -e 'sysopen F, "yyy", O_WRONLY|O_CREAT, 0777'
$ ls -l yyy
-rwxr-x--- 1 itvirta itvirta 0 Jun  3 20:40 yyy*

Similarly we could create a directory without the x bits set...

$ perl -MFcntl -e 'mkdir "ddd", 0666'
$ ls -ld  ddd
drw-r----- 2 itvirta itvirta 4096 Jun  3 20:45 ddd/

The umask cannot add permissions, it only servers to mask away some of the permission bits set by the process creating the file in question.

The umask is used by open(2), mkdir(2), and other system calls that create files to modify the permissions placed on newly created files or directories. Specifically, permissions in the umask are turned off from the mode argument to open(2) and mkdir(2).

(manual page umask(2))

touch creates files with permissions 0666, as most other applications do when not creating something explicitly known to be private, or something that should be executable (in which case they'd use 0600 or 0777 respectively).

$ umask 027; rm xxx; strace -etrace=open touch xxx 2>&1 | grep xxx ;  ls -l xxx
open("xxx", O_WRONLY|O_CREAT|O_NOCTTY|O_NONBLOCK, 0666) = 3
-rw-r----- 1 itvirta itvirta 0 Jun  3 20:40 xxx

If we arrange for the file to be created with wider permissions, we see the execute bits too:

$ umask 027; rm yyy; 
$ perl -MFcntl -e 'sysopen F, "yyy", O_WRONLY|O_CREAT, 0777'
$ ls -l yyy
-rwxr-x--- 1 itvirta itvirta 0 Jun  3 20:40 yyy*

Similarly we could create a directory without the x bits set...

$ perl -MFcntl -e 'mkdir "ddd", 0666'
$ ls -ld  ddd
drw-r----- 2 itvirta itvirta 4096 Jun  3 20:45 ddd/

The umask cannot add permissions, it only servers to mask away some of the permission bits set by the process creating the file in question.

The umask is used by open(2), mkdir(2), and other system calls that create files to modify the permissions placed on newly created files or directories. Specifically, permissions in the umask are turned off from the mode argument to open(2) and mkdir(2).

(manual page umask(2))

touch creates files with permissions 0666, as most other applications do when not creating something explicitly known to be private, or something that should be executable (in which case they'd use 0600 or 0777 respectively). If the umask could be used to force adding permission bits, stuff like email clients and ssh-keygen would be in trouble: they'd have no way to create files that can only be accessed by the owner!

$ umask 027; rm xxx; strace -etrace=open touch xxx 2>&1 | grep xxx ;  ls -l xxx
open("xxx", O_WRONLY|O_CREAT|O_NOCTTY|O_NONBLOCK, 0666) = 3
-rw-r----- 1 itvirta itvirta 0 Jun  3 20:40 xxx

If we arrange for the file to be created with wider permissions, we see the execute bits too:

$ umask 027; rm yyy; 
$ perl -MFcntl -e 'sysopen F, "yyy", O_WRONLY|O_CREAT, 0777'
$ ls -l yyy
-rwxr-x--- 1 itvirta itvirta 0 Jun  3 20:40 yyy*

Similarly we could create a directory without the x bits set...

$ perl -MFcntl -e 'mkdir "ddd", 0666'
$ ls -ld  ddd
drw-r----- 2 itvirta itvirta 4096 Jun  3 20:45 ddd/
Source Link
ilkkachu
ilkkachu
  • 147.9k
  • 16
  • 268
  • 441

The umask cannot add permissions, it only servers to mask away some of the permission bits set by the process creating the file in question.

The umask is used by open(2), mkdir(2), and other system calls that create files to modify the permissions placed on newly created files or directories. Specifically, permissions in the umask are turned off from the mode argument to open(2) and mkdir(2).

(manual page umask(2))

touch creates files with permissions 0666, as most other applications do when not creating something explicitly known to be private, or something that should be executable (in which case they'd use 0600 or 0777 respectively).

$ umask 027; rm xxx; strace -etrace=open touch xxx 2>&1 | grep xxx ;  ls -l xxx
open("xxx", O_WRONLY|O_CREAT|O_NOCTTY|O_NONBLOCK, 0666) = 3
-rw-r----- 1 itvirta itvirta 0 Jun  3 20:40 xxx

If we arrange for the file to be created with wider permissions, we see the execute bits too:

$ umask 027; rm yyy; 
$ perl -MFcntl -e 'sysopen F, "yyy", O_WRONLY|O_CREAT, 0777'
$ ls -l yyy
-rwxr-x--- 1 itvirta itvirta 0 Jun  3 20:40 yyy*

Similarly we could create a directory without the x bits set...

$ perl -MFcntl -e 'mkdir "ddd", 0666'
$ ls -ld  ddd
drw-r----- 2 itvirta itvirta 4096 Jun  3 20:45 ddd/