Changing Default Permissions

Overview

By default, when Matilda users create a file the permissions of that file will be:

-rw-r-----

The default permissions on a newly created directory will be:

drwxr-x---

This applies whether the file or directory are created in the user's home directory, scratch space, or project space. This default behavior is controlled by an environmental variable known as "umask" (or User Mask). The default "umask" for all users is "0027" on Matilda.

In some cases, users may wish to alter the default file and directory creation permissions either permanently, or temporarily. This document briefly describes "umask" and how to alter it.

Explaining umask

In short, umask is - a mask - that is, it masks certain bits in the permissions settings. One can think of it as the bits to exclude rather than the bits to include (as is the case with "chmod"). For example, to see your current umask, use:

[someuser@hpc-login-p01 ~]$ umask
0027

You can also see your umask symbolically by using:

[someuser@hpc-login-p01 ~]$ umask -S
u=rwx,g=rx,o=

Breaking down the umask 0027 (the Matilda default) we have:

  • 0 - special bit mask (not usually used)
  • 0 - the mask for the owner of the file
  • 2 - the mask for members of the group
  • 7 - the mask for "other" (world)

Now let's illustrate how masks work. We know that maximum permissions (ones that allow anyone to read, write, or execute a file) are "0777". Applying the default umask "0027" we see the effective permissions of a file or folder using a bit of arithmetic:

  0777  (all permitted, symbolically rwxrwxrwx)
- 0027  (umask)
_______
  0750  (effective permissions, symbolically rwxr-x---)

Changing umask

Suppose you have a case where a PI wishes to create files and folders in their /projects directory space so that all members of the group and not only read and execute files and folders, but can write to them as well. Of course, this can be done selectively using the "chmod" command, but it could also be done by changing their "umask". This is a relatively simple operation. We can compute our new umask as follows:

  0777 (all permitted)
- 0770 (desired permissions)
______
  0007 (umask needed)

To set the umask, simply use:

umask 007

Make sure to double check your setting:

umask
or
umask -S

WARNING: This umask will be in effect until you change it back or logout! If you only want to temporarily change the umask for a few file operations, make sure to change it back to the default using the following when your work is complete:

umask 0027

Then verify your changes as shown previously.

Permanently Changing umask

NOTE: THIS IS NOT RECOMMENDED!

If you want to change your umask on a permanent or semi-permanent basis, you can do so by modifying your ~/.bashrc file. Simply add this line near the bottom of the file:

vim ~/.bashrc  (open the file)
umask 0007

Then save (use the editor of your choice, vim is used in the example above). In this way, your umask will be altered to the new umask each time you log-in.

PLEASE BE AWARE that permanently changing your umask in this way may expose certain files to being compromised. Use with extreme care!


CategoryHPC