Set Default Permissions for New Files in Ubuntu

This guide explains how to configure default file permissions for newly created files in Ubuntu using the umask utility. You will learn how to view your current settings, apply temporary changes, and make permanent adjustments to ensure your files meet specific security or accessibility requirements without needing to modify them individually after creation.

Understanding Umask

In Linux, the umask (user file-creation mode mask) determines the default permissions for new files and directories. It works by subtracting specific permission bits from the system defaults. The system default is typically 666 for files and 777 for directories. The umask value restricts these defaults.

Check Current Umask

To see your current umask value, open the terminal and run:

umask

The output will usually be a three or four-digit number, such as 0022. This value dictates what permissions are removed from the default set.

Change Umask Temporarily

You can change the umask for the current terminal session only by typing:

umask 027

This setting will revert to the default once you close the terminal window. This is useful for testing specific permission scenarios without altering system configurations.

Change Umask Permanently

To make the change permanent for your user account, you need to add the umask command to your shell configuration file.

1. Open your .bashrc file in a text editor: bash nano ~/.bashrc
2. Add the following line at the end of the file: bash umask 027
3. Save the file and exit.
4. Apply the changes by running: bash source ~/.bashrc

For system-wide changes affecting all users, edit /etc/profile or /etc/bash.bashrc with sudo privileges, though this is generally not recommended unless necessary for organizational security policies.

Calculating Permissions

To understand the resulting permissions, subtract the umask from the base permissions.

• Files: Base 666 (rw-rw-rw-) minus umask 027 results in 640 (rw-r—–).
• Directories: Base 777 (rwxrwxrwx) minus umask 027 results in 750 (rwxr-x—).

Common umask values include: * 022: Files are readable by everyone, writable only by the owner (Default). * 027: Files are readable by the group, writable only by the owner. * 077: Files are accessible only by the owner (Highest security).

Select a umask value that balances your need for security with the necessity of file sharing among users or groups.