umask

The umask is a system variable that encodes a mask for file permissions to be used when a file is cre-
ated. You can change the variable by executing the umask command to supply a new value. The value
is a three-digit octal value. Each digit is the result of ANDing values from 1, 2, or 4; the meanings are
shown in the following table.

For example, to block “group” write and execute, and “other” write, the umaskwould be umask is 032.

When we create a file via an openor creatcall, the modeparameter is compared with the umask. Any
bit setting in the modeparameter that is also set in the umaskis removed. The end result is that users can
set up their environment to say “Don’t create any files with (say) write permission for others, even if the
program creating the file requests that permission.” This doesn’t prevent a program or user from subse-
quently using the chmodcommand (or chmodsystem call in a program) to add other write permissions,
but it does help protect users by saving them from having to check and set permissions on all new files.