
Umask Permissions Calculator

Understanding Umask: Your Linux/Unix File Permission Guardian

In the world of Linux and Unix-like operating systems, managing file and directory permissions is crucial for security and proper system operation. While commands like chmod allow you to explicitly set permissions for existing files, what about new files and directories? This is where umask comes into play. Umask, short for "user file-creation mode mask," dictates the default permissions assigned to newly created files and directories.

What is Umask and How Does it Work?

Umask is a four-digit octal number (though often seen as three, with the first digit implied as 0). It acts as a "mask" that removes permissions from the maximum allowed permissions for new files and directories. Instead of specifying what permissions a file should have, umask specifies what permissions it should not have by default.

The system typically starts with a base set of permissions for new creations:

  • Files: Default base permissions are 666 (rw-rw-rw-), meaning read and write for owner, group, and others. Execute permission is generally not granted by default for new files.
  • Directories: Default base permissions are 777 (rwxrwxrwx), meaning read, write, and execute for owner, group, and others.

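The umask is then applied to these base permissions to determine the actual permissions of the newly created object. This is often described as subtraction, but the operation is a bitwise AND of the base permissions with the complement of the umask: every permission bit set in the umask is cleared in the result.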

Calculating Effective Permissions with Umask

To calculate the effective permissions, you take the default base permissions and apply the umask. Let's break down the process using common examples:

The Umask Value Explained

A umask value like 022, written in full as 0022, means:

  • The first digit (0) is a special sticky bit/SUID/SGID mask, often ignored for basic umask calculations.
  • The second digit (0) corresponds to the owner's permissions.
  • The third digit (2) corresponds to the group's permissions.
  • The fourth digit (2) corresponds to others' permissions.

Each digit in the umask represents permissions to be removed. Remember the octal values for permissions:

  • 4 = read (r)
  • 2 = write (w)
  • 1 = execute (x)

So, a 2 in the umask means "remove write permission".

Example 1: Umask 022

This is a very common umask value, often seen in multi-user environments.

  • For Files (Base 666):
    • Owner: 6 (rw-) - 0 (---) = 6 (rw-)
    • Group: 6 (rw-) - 2 (-w-) = 4 (r--)
    • Others: 6 (rw-) - 2 (-w-) = 4 (r--)

    Resulting File Permissions: 644 (rw-r--r--)

  • For Directories (Base 777):
    • Owner: 7 (rwx) - 0 (---) = 7 (rwx)
    • Group: 7 (rwx) - 2 (-w-) = 5 (r-x)
    • Others: 7 (rwx) - 2 (-w-) = 5 (r-x)

    Resulting Directory Permissions: 755 (rwxr-xr-x)

With umask 022, files are readable by everyone but only writable by the owner, and directories are navigable and readable by everyone, but only writable by the owner.

Example 2: Umask 002

This umask is common in environments where users within the same group need more shared access.

  • For Files (Base 666):
    • Owner: 6 (rw-) - 0 (---) = 6 (rw-)
    • Group: 6 (rw-) - 0 (---) = 6 (rw-)
    • Others: 6 (rw-) - 2 (-w-) = 4 (r--)

    Resulting File Permissions: 664 (rw-rw-r--)

  • For Directories (Base 777):
    • Owner: 7 (rwx) - 0 (---) = 7 (rwx)
    • Group: 7 (rwx) - 0 (---) = 7 (rwx)
    • Others: 7 (rwx) - 2 (-w-) = 5 (r-x)

    Resulting Directory Permissions: 775 (rwxrwxr-x)

Here, both the owner and group members can read and write files/directories, while others have read-only access to files and read/execute access to directories.

Example 3: Umask 077

This is a highly restrictive umask, often used for security-sensitive operations or by the root user.

  • For Files (Base 666):
    • Owner: 6 (rw-) - 0 (---) = 6 (rw-)
    • Group: 6 (rw-) - 7 (rwx) = 0 (---)
    • Others: 6 (rw-) - 7 (rwx) = 0 (---)

    Resulting File Permissions: 600 (rw-------)

  • For Directories (Base 777):
    • Owner: 7 (rwx) - 0 (---) = 7 (rwx)
    • Group: 7 (rwx) - 7 (rwx) = 0 (---)
    • Others: 7 (rwx) - 7 (rwx) = 0 (---)

    Resulting Directory Permissions: 700 (rwx------)

With umask 077, only the owner has any permissions on newly created files and directories; no one else can read, write, or execute them.
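
The calculation behind the three examples above, as a small shell script. This is an added illustration, not part of the original page, and the function names apply_umask, to_symbolic and report are made up for it. It also runs umask 033, a value not covered above, where digit-by-digit subtraction would give 633 for files while clearing the masked bits gives 644.

```shell
#!/bin/sh
# Added example: effective mode = base AND (NOT umask), all values in octal.

# apply_umask BASE UMASK -> three-digit octal mode
apply_umask() {
    # The leading 0 makes shell arithmetic read the digits as octal.
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# to_symbolic MODE -> rwx string, e.g. 644 -> rw-r--r--
to_symbolic() {
    mode=$(( 0$1 )); out=
    for s in 6 3 0; do
        case $(( (mode >> s) & 7 )) in
            0) t=--- ;; 1) t=--x ;; 2) t=-w- ;; 3) t=-wx ;;
            4) t=r-- ;; 5) t=r-x ;; 6) t=rw- ;; 7) t=rwx ;;
        esac
        out=$out$t
    done
    printf '%s\n' "$out"
}

# report UMASK -> one line with the default file and directory modes
report() {
    f=$(apply_umask 666 "$1"); d=$(apply_umask 777 "$1")
    printf 'umask %s: file %s (%s), dir %s (%s)\n' \
        "$1" "$f" "$(to_symbolic "$f")" "$d" "$(to_symbolic "$d")"
}

# The page's three examples, then 033, where subtraction and masking differ.
for m in 022 002 077 033; do
    report "$m"
done
```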

Setting and Viewing Your Umask

You can view your current umask value by simply typing umask in your terminal. To set a new umask for your current session, use umask [value] (e.g., umask 002). To make a umask persistent, you typically add the umask command to your shell's configuration file (e.g., .bashrc, .profile, .zshrc).
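
To see a umask take effect on real files without changing the session you are working in, the commands above can be run inside a subshell. The script below is an added example, not part of the original page; created_modes is a made-up function name, and it assumes GNU stat (stat -c %a) as found on Linux.

```shell
#!/bin/sh
# Added example: observe a umask on real files without touching the caller's umask.

# created_modes UMASK -> "FILEMODE DIRMODE" for a file and directory made under it
created_modes() (
    # The ( ) body is a subshell, so the umask change ends with the function.
    tmp=$(mktemp -d) || exit 1
    umask "$1"
    touch "$tmp/file"    # touch requests 666
    mkdir "$tmp/dir"     # mkdir requests 777
    # stat -c %a is GNU coreutils syntax (assumption: a Linux system).
    f=$(stat -c %a "$tmp/file")
    d=$(stat -c %a "$tmp/dir")
    rm -rf "$tmp"
    printf '%s %s\n' "$f" "$d"
)

before=$(umask)
for m in 022 002 077; do
    printf 'umask %s -> file/dir modes: %s\n' "$m" "$(created_modes "$m")"
done
# umask -S prints the same mask in symbolic form (the permissions left allowed).
printf 'caller umask: %s before, %s after (%s)\n' "$before" "$(umask)" "$(umask -S)"
```

The same subshell pattern is useful when one command in a script has to create a private file: the restrictive mask applies to that command only and the rest of the script keeps its normal umask.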

Why is Umask Important?

Umask is a fundamental security mechanism. By restricting permissions by default, it helps prevent accidental exposure of sensitive data. It ensures that files and directories are created with a sensible baseline of permissions, which can then be explicitly modified with chmod if broader access is required. Understanding and correctly configuring your umask is a key part of system administration and secure coding practices.
