DEV Community

authur
authur

Posted on

Why umask 022 creates 755 folders and 644 files

#linux #security #devops #tutorial

If you have ever wondered why umask 022 creates directories like 755 but files like 644, the short answer is:

directories start from 777
regular files usually start from 666
umask subtracts permissions from those defaults
Enter fullscreen mode Exit fullscreen mode

So 022 does not mean "set permissions to 022". It means "remove these permission bits from the default mode".

The common example

For directories:

777 - 022 = 755
Enter fullscreen mode Exit fullscreen mode

For regular files:

666 - 022 = 644
Enter fullscreen mode Exit fullscreen mode

That is why a newly created folder often becomes:

drwxr-xr-x
Enter fullscreen mode Exit fullscreen mode

And a newly created file often becomes:

-rw-r--r--
Enter fullscreen mode Exit fullscreen mode

Why files do not start from 777

Directories need the execute bit so users can enter and traverse them.

Regular files usually do not start as executable. That is why the default starting point for many newly created files is 666, not 777.

So this is expected:

umask 022 -> folders 755
umask 022 -> files 644
Enter fullscreen mode Exit fullscreen mode

More examples 

umask 002 -> folders 775, files 664
umask 027 -> folders 750, files 640
umask 077 -> folders 700, files 600
Enter fullscreen mode Exit fullscreen mode

002 is common when a shared group needs write access.

027 is stricter: group can read and enter directories, but others get no access.

077 is private: only the owner gets access.

chmod vs umask

A lot of confusion comes from mixing up chmod and umask.

chmod changes permissions on existing files or directories.

umask controls the default permissions for new files and directories.

So if a file already exists, changing your umask will not change that file. You would use chmod for that.

If new files are being created with the wrong permissions, then checking the current umask makes sense.

Quick checklist

When debugging a permissions problem, check these in order:

  1. What user is creating the file?
  2. What group owns the parent directory?
  3. What is the current umask?
  4. Is the filesystem a normal Linux filesystem, or something mounted with options like uid, gid, umask, fmask, or dmask?
  5. Are you trying to fix an existing file, or the defaults for future files?

That last question usually tells you whether you need chmod or umask.

I made a small browser-local calculator for this because I kept checking the same examples repeatedly:

https://webutilslab.com/umask-calculator/?ref=devto

It runs in the browser and is mostly useful for quickly verifying cases like 022, 027, and 077.

Top comments (0)