Ksh and umask -S
The Korn shell has a nice feature with its built-in umask command. The -S option is used to symbolically—rather than numerically—display the user’s umask. For example
% umask -S
Default File Permissions and umask
Permissions for files that are created with commands such as vi, cp, or touch or with shell redirection are determined by applying the process’s umask value to the initial value 666. This is illustrated in the following example.
% touch test
% ls -ld test
-rw-r—– 1 pete staff 0 Oct 1 07:17 test
In this example, the file’s permissions can be calculated as 666 (initial value) less 027 (umask) equals 640 (the file’s permissions).
Root User umask
I recommend that root’s umask be set to 077 or 027. This will result in any file created by root being not readable or writable by others.
Default Directory Permissions and umask
Permissions for directories created with commands such as mkdir are determined by applying the process’s umask value to the initial value 777. The following example illustrates this.
% mkdir test
% ls -la test
-rwxr-x— 2 test staff 0 Sep 1 17:10 test
In this example, the directory’s permissions are calculated as 777 (initial value) less 027 (umask), giving 750 (the directory’s permissions).