Halloween has come and gone. In fact, so has Thanksgiving. But some masks are always appropriate – not because we’re trying to inspire people to give us candy, but because it’s just too easy to end up with file permissions that don’t reflect the security constraints that work best for us. To help with that, we Unix and Linux users have umask.
The umask setting provides default permissions for any files or directories that you create. If you want that default behavior to ensure that only you can see the files you create, you use one setting. If you want all of your files to be shared by default with people in your core group, you use a different one. The process is easy and fairly straightforward except for one thing. You have to think in a way that may be a bit unusual. The umask setting is, after all, a mask and that implies that it works in a way that is opposite of the way settings normally work.