The use of umask under Linux in detail

  • 2021-06-28 14:37:51
  • OfStack

Recently I started learning Linux and finished the section of the Linux course in Margo about umask. I want to write this blog to deepen my understanding of umask and to help friends who are not very clear about umask.

1 What is umask

When we log in to the system and create a file, it gets a default permission. Where does that permission come from? That is what umask does. umask sets the default permissions for the files and directories that users create. umask sets the "complement" of the permissions, whereas the familiar chmod sets the file permission code itself. Generally, the umask value is set in /etc/profile, $HOME/.bash_profile or $HOME/.profile.

2 What is umask used for

By default, the umask value is 022 (you can view it with the umask command). With it, files you create get the default permissions 644 (6-0, 6-2, 6-2) and directories you create get 755 (7-0, 7-2, 7-2), which can be verified with ls -l. You should now know what umask is for: it is designed to control the default permissions.


[root@bogon test]# id
uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[root@bogon test]# umask
0022
[root@bogon test]# touch a.txt
[root@bogon test]# ls -l
total 0
-rw-r--r--. 1 root root 0 Jul 3 00:40 a.txt
[root@bogon test]# mkdir b
[root@bogon test]# ls -l
total 0
-rw-r--r--. 1 root root 0 Jul 3 00:40 a.txt
drwxr-xr-x. 2 root root 6 Jul 3 00:41 b

As you can see above, the umask of root is 022 (the leading 0 stands for the special permission bits, not considered here), files are created with the default permissions 644, and directories are created with 755.

3 Basic privileges explanation

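Before explaining how umask is used, we need to explain the basic file permissions.

Linux file permissions

           r  w  x
File       Can view the file's contents  Can modify the file  Can start the file as a running program
Directory  Can list the file names in the directory with ls  Can create or delete files in the directory (w alone is not enough to create files; x is needed as well)  Can enter the directory with cd; ls -l shows the metadata of the files in the directory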

4 umask Compute Permissions

For files and directories, the maximum permissions are actually 777, but execute permission is dangerous on files, while for directories it is a basic permission. So the default maximum permission for directories is 777, while the default maximum permission for files is 666.

For umask=022 for the root user, the binary code of permission 777 is (111) (111) (111), and the binary code of 022 is (000) (010) (010).

A binary 1 in "all permissions": this permission is present.
A binary 1 in the umask: this permission is removed. Whether you had the permission or not, you must not have it in the end.
A binary 0 in the umask: the umask does not care about the corresponding bit. If you had the permission before, you keep it; if not, nothing changes.

Default permission calculation method for directories with umask 022

                     owner r  owner w  owner x  group r  group w  group x  other r  other w  other x
All permissions 777  1        1        1        1        1        1        1        1        1
umask mask 022       0        0        0        0        1        0        0        1        0
Computed value       1        1        1        1        0        1        1        0        1

Default permission calculation method for files with umask 022

                     owner r  owner w  owner x  group r  group w  group x  other r  other w  other x
All permissions 666  1        1        0        1        1        0        1        1        0
umask mask 022       0        0        0        0        1        0        0        1        0
Computed value       1        1        0        1        0        0        1        0        0

Default permission calculation method for directories with umask 023

                     owner r  owner w  owner x  group r  group w  group x  other r  other w  other x
All permissions 777  1        1        1        1        1        1        1        1        1
umask mask 023       0        0        0        0        1        0        0        1        1
Computed value       1        1        1        1        0        1        1        0        0

Default permission calculation method for files with umask 023

                     owner r  owner w  owner x  group r  group w  group x  other r  other w  other x
All permissions 666  1        1        0        1        1        0        1        1        0
umask mask 023       0        0        0        0        1        0        0        1        1
Computed value       1        1        0        1        0        0        1        0        0

The above is the normal way to calculate with umask, but it is too cumbersome. We can use the following simple method to calculate quickly.

For directories, simply compute 777-umask digit by digit, and you get the final result. For files, compute 666-umask first. If a resulting digit is even, the final permission digit is that even value. If a resulting digit is odd, add 1 to that digit.

The above method is very convenient to calculate. Why do you add 1 when you get an odd number?

The maximum permission for a file is 666, and every digit is even. If you get an odd digit, it means the corresponding umask digit is odd. Read is 4 and write is 2, both even, so an odd umask digit means the umask contains the execute permission.

Take umask=023 as an example. When calculating the permissions of other users, 6-3=3, where 6 is read-write and 3 is write-execute. In effect, subtracting write-execute from read-write takes away one execute permission too many, so 1 is added back to the result.
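The bitwise rule and the subtraction shortcut above, checked against real files. This is an added example, not part of the original post: the function names apply_umask, naive_subtract and observed_mode are made up for this illustration, and stat -c assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: compares the calculated default mode with what the
# kernel really assigns. Function names are hypothetical.

# apply_umask BASE MASK: prints BASE & ~MASK as three octal digits.
# BASE is the mode the program asks for: 666 for files, 777 for directories.
apply_umask() {
    printf '%03o\n' "$(( 0$1 & ~0$2 & 0777 ))"
}

# naive_subtract BASE MASK: plain subtraction, i.e. the shortcut
# without the "+1 for odd digits" correction.
naive_subtract() {
    expr "$1" - "$2"
}

# observed_mode KIND MASK: creates a real file ("file") or directory ("dir")
# under the given umask in a scratch directory and prints its mode.
# The body runs in a subshell, so the caller's umask is left untouched.
observed_mode() (
    scratch=$(mktemp -d) || exit 1
    umask "$2"
    if [ "$1" = dir ]; then
        mkdir "$scratch/item"
    else
        touch "$scratch/item"
    fi
    stat -c '%a' "$scratch/item"
    rm -rf "$scratch"
)

for mask in 022 002 023; do
    printf 'umask %s: file calc=%s real=%s naive=%s | dir calc=%s real=%s\n' \
        "$mask" \
        "$(apply_umask 666 "$mask")" "$(observed_mode file "$mask")" \
        "$(naive_subtract 666 "$mask")" \
        "$(apply_umask 777 "$mask")" "$(observed_mode dir "$mask")"
done
```

For umask 023 the naive column shows 643 while the calculated and real file mode are both 644, which is the case the +1 rule corrects.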

5 Modification of umask

There are two kinds of umask modification: temporary and permanent.

Temporary modifications:


[root@bogon test]# umask 023
[root@bogon test]# umask
0023
[root@bogon test]# 

Permanent modification:

You can add the line umask 022 by editing one of the following files.

For an interactive login, the configuration takes effect in this order:

/etc/profile < /etc/profile.d/*.sh < ~/.bash_profile < ~/.bashrc < /etc/bashrc [/etc/bashrc takes effect last, so its configuration overrides the earlier ones]

For a non-interactive login, the configuration takes effect in this order:

~/.bashrc < /etc/bashrc < /etc/profile.d/*.sh

6 Common umask


[root@bogon test]# umask 002
[root@bogon test]# umask
0002
[root@bogon test]# umask 022
[root@bogon test]# umask
0022
