This topic includes:
commands
By default, files in Linux have octal permissions of 0666 and folders have permissions of 0777.
These defaults are quite permissive and some permissions are often subtracted for better security.
📝 NOTE: Folders are granted execute permissions by default because without this, users cannot cd into them. Execute permissions on files must be granted manually.
Permissions can be automatically subtracted by configuring a umask. Most Linux systems, including RHEL, come pre-configured with a umask which can be viewed from the terminal.
```bash
umask
# 0002
```

The umask subtracts from the base permissions as shown in this diagram:
📝 NOTE: The default mask for a standard user is 0002; for the root user it is 0022.
Changing the default file permissions is as simple as changing the umask. This can be done non-persistently by writing the octal value after the command:

```bash
umask 0077
umask
# 0077
```

⚠️ WARNING: Changing the umask as above does not persist on reboot, or even on opening a new shell.
To always change the default umask for a user, you can add the command into their .bashrc:

```bash
echo 'umask 0077' >> /home/user/.bashrc
```

To change the system-wide umask default, edit /etc/login.defs:

```bash
vim /etc/login.defs
##
# ERASECHAR 0177
# KILLCHAR 025
# UMASK 022 -> 025
##
:wq

/bin/bash

umask
# 0025
```

📝 NOTE: umask can only reduce default permissions, not increase them. Because of this, special permissions are not really affected by umask since they have a value of 0 by default.
To confirm whether files made with a umask have the desired permissions, ls -l can show symbolic permissions and octal permissions can be viewed using stat.

```bash
umask 0077
touch file
stat file

# File: file
# Size: 0 Blocks: 0 IO Block: 4096 regular empty file
# Device: 803h/2051d Inode: 28968428 Links: 1
# Access: (0600/-rw-------) Uid: ( 1000/ user) Gid: ( 1000/ user)
```
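
The following script is an added example, not part of the original page. It predicts the mode each umask from this page should give a new file and folder, then creates both in a scratch directory and reads back the real modes. The function names `masked_mode`, `created_modes` and `report` are made up for this example, and it assumes GNU `stat` and `mktemp`, as shipped on RHEL.

```shell
#!/bin/sh
# Added example (not from the original page): predict the mode a umask yields
# and compare it with what the system actually creates.

# masked_mode BASE MASK: apply the mask bitwise, BASE & ~MASK (octal in, octal out).
masked_mode() {
    printf '%04o\n' "$(( 0$1 & ~0$2 & 07777 ))"
}

# created_modes MASK: create a file and a directory under MASK in a scratch
# directory and print their real modes as "FILE DIR". Runs in a subshell so
# the caller's own umask is left untouched.
created_modes() {
    (
        scratch=$(mktemp -d) || exit 1
        umask "$1"
        touch "$scratch/file"
        mkdir "$scratch/dir"
        f=$(stat -c '%a' "$scratch/file")
        d=$(stat -c '%a' "$scratch/dir")
        rm -rf "$scratch"
        printf '%04d %04d\n' "$f" "$d"
    )
}

# Masks taken from the page: standard-user default, root default, the 0077
# example, and the 025 value used in the /etc/login.defs edit.
report() {
    printf '%-6s %-14s %-14s\n' umask 'predicted f/d' 'created f/d'
    for mask in 0002 0022 0077 0025; do
        printf '%-6s %-14s %-14s\n' "$mask" \
            "$(masked_mode 0666 "$mask") $(masked_mode 0777 "$mask")" \
            "$(created_modes "$mask")"
    done
}

report
```

The 0025 row is the one to look at: a new file comes out as 0642, not the 0641 that plain subtraction would suggest, because the mask only clears bits that are set in the base permissions and 0666 has no execute bit to clear.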