umask

Set file creation mask.

Source: src/execution/builtins.f90

Synopsis

umask [-p] [-S] [mode]

Description

The umask builtin sets or displays the file mode creation mask. The mask determines which permission bits are removed from newly created files.

Options

Option  Description
-p      Print in reusable format
-S      Print in symbolic format

Usage

Display Current Mask

umask
# 0022

umask -S
# u=rwx,g=rx,o=rx

Set Mask (Octal)

umask 022    # Standard (files: 644, dirs: 755)
umask 077    # Restrictive (files: 600, dirs: 700)
umask 002    # Group-friendly (files: 664, dirs: 775)

Set Mask (Symbolic)

umask u=rwx,g=rx,o=rx    # Same as 022
umask u=rwx,g=,o=        # Same as 077

How It Works

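The bits set in the umask are cleared from the default permissions (a bitwise mask rather than arithmetic subtraction, although the two agree for the values shown here):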

Type       Default  Umask 022  Result
File       666      022        644 (rw-r--r--)
Directory  777      022        755 (rwxr-xr-x)
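
An added example (not part of the fortsh sources or documentation): it computes the resulting mode as default AND NOT mask and compares it with a file and a directory actually created under that mask. It is written for a POSIX sh and assumes the usual creation defaults of 666 and 777; the function names are hypothetical.

```shell
#!/bin/sh
# Added illustration; function names are hypothetical, not fortsh built-ins.

# predicted_mode DEFAULT MASK: clear the MASK bits from DEFAULT (octal in/out).
predicted_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# rwx_string OCTAL: render e.g. 640 as rw-r----- for comparison with ls -l.
rwx_string() {
    m=$(( 0$1 )); out=; letters=rwxrwxrwx
    for bit in 256 128 64 32 16 8 4 2 1; do
        c=${letters%"${letters#?}"}; letters=${letters#?}
        if [ $(( m & bit )) -ne 0 ]; then out=$out$c; else out=$out-; fi
    done
    printf '%s\n' "$out"
}

# created_mode MASK file|dir: create a probe under MASK and report the
# permissions that were actually applied. The body is a subshell, so the
# caller's umask is left untouched without a save/restore step.
created_mode() (
    scratch=$(mktemp -d) || exit 1
    umask "$1"
    if [ "$2" = dir ]; then mkdir "$scratch/probe"; else : > "$scratch/probe"; fi
    ls -ld "$scratch/probe" | cut -c2-10
    rm -rf "$scratch"
)

# Masks from the "Common Masks" table, plus 033 (constructed case) to show
# that this is a bit mask and not arithmetic: 666 "minus" 033 would be 633.
for mask in 022 027 077 002 033; do
    f=$(predicted_mode 666 "$mask"); d=$(predicted_mode 777 "$mask")
    printf '%s  file %s %s (created: %s)  dir %s %s (created: %s)\n' \
        "$mask" "$f" "$(rwx_string "$f")" "$(created_mode "$mask" file)" \
        "$d" "$(rwx_string "$d")" "$(created_mode "$mask" dir)"
done
```
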

Permission Bits

Digit  Meaning
0      No restriction
1      Remove execute
2      Remove write
4      Remove read
7      Remove all

Examples

Restrictive for Sensitive Data

umask 077
echo "secret" > private.txt
ls -l private.txt
# -rw------- 1 user user 7 ... private.txt

Group Collaboration

umask 002
touch shared.txt
ls -l shared.txt
# -rw-rw-r-- 1 user group 0 ... shared.txt

In Scripts

#!/usr/bin/env fortsh

# Save original
old_umask=$(umask)

# Restrictive for temp files
umask 077
tmpfile=$(mktemp)
echo "data" > "$tmpfile"

# Restore
umask "$old_umask"

Check Before Setting

umask -p
# umask 0022

# Reusable output
eval "$(umask -p)"   # Sets current umask

Common Masks

Mask  Files  Directories  Use
022   644    755          Standard
027   640    750          Group read
077   600    700          Private
002   664    775          Group write
000   666    777          No restrictions

Symbolic Mode

Format: [ugoa][+-=][rwx]

umask u=rwx,g=rx,o=     # 027
umask g-w               # Remove group write
umask o=                # Remove all other permissions

Exit Status

Status  Condition
0       Success
1       Invalid mode

Notes

  • umask affects only new files
  • Existing file permissions unchanged
  • umask is inherited by child processes
  • Default is typically 022 (set by system)

Security Considerations

  • Use 077 for sensitive scripts
  • Use 027 for semi-private files
  • Be cautious with 000 (no restrictions)

See Also

  • exec - Redirections and environment