Quickly discover the mask that shapes new file and directory permissions.

16.11.2025

Every new file or directory inherits a creation mask that limits permission bits; find that mask to understand who can read or execute a file.

Quick live check

Run a couple of simple commands to see the active mask and the resulting file permissions.

```bash
$ umask
0022
$ umask -S
u=rwx,g=rx,o=rx
$ touch testfile
$ ls -l testfile
-rw-r--r-- 1 alice alice 0 testfile
```

Find system-wide defaults

Inspect files that set defaults for logins and new accounts to locate the global umask: search `/etc/login.defs`, shell profiles and PAM; example commands to run as root or with sudo:

```bash
$ grep -i '^UMASK' /etc/login.defs || true
$ grep -i umask /etc/profile /etc/bash.bashrc /etc/pam.d/* 2>/dev/null || true
$ grep -i umask /etc/adduser.conf 2>/dev/null || true
```

Experiment safely

Change the mask in your shell to see immediate effects and revert when done; use this to test how services or users will behave.

```bash
$ umask 0077
$ touch secret.txt
$ ls -l secret.txt
-rw------- 1 alice alice 0 secret.txt
$ umask 0022 # restore typical default
```

Process inheritance and services

Remember that umask is per process and inherited by child processes, so system services may set their own UMask in unit files or via PAM; change a unit's UMask= for service-level control or adjust PAM/login files for interactive logins.

Wrap-up and next step

You now know how to read the active umask, test its effect and where system defaults live; explore changing service units or PAM for persistent behavior and deepen skills toward certifications like CompTIA Linux+ or LPIC-1 with intensive exam preparation at bitsandbytes.academy.
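The per-process behaviour described under "Process inheritance and services", as an added example that is not part of the original article: POSIX shell helpers that show a child inheriting the mask, read a running process's mask from the `Umask:` field of `/proc/PID/status` (Linux 4.7 and later), and compute the modes a unit's `UMask=` would produce. The function names, the sample unit and its `ExecStart` path are constructed for illustration.

```bash
#!/bin/sh
# Added example: umask audit helpers (hypothetical names, not from the article).

# Mode a new file (BASE 666) or directory (BASE 777) ends up with under MASK.
effective_mode() {  # usage: effective_mode MASK BASE
    printf '%03o\n' $(( 0$2 & ~0$1 & 0777 ))
}

# The umask a child process reports after the parent sets MASK (inheritance).
child_umask() {  # usage: child_umask MASK
    ( umask "$1" && sh -c 'umask' )
}

# umask of a running process, from /proc/PID/status (PID may be "self").
# Prints nothing when the process or the Umask: field is not available.
proc_umask() {  # usage: proc_umask PID
    awk '/^Umask:/ { print $2 }' "/proc/$1/status" 2>/dev/null
}

# UMask= value from a systemd unit file; the last assignment wins.
# Prints nothing when the unit does not set one.
unit_umask() {  # usage: unit_umask FILE
    sed -n 's/^[[:space:]]*UMask=[[:space:]]*//p' "$1" | tail -n 1
}

# Constructed sample unit, written to a temporary file for the demo.
unit=$(mktemp)
cat > "$unit" <<'EOF'
[Service]
ExecStart=/usr/local/bin/exampled
UMask=0027
EOF

mask=$(unit_umask "$unit")
echo "unit UMask=$mask: files $(effective_mode "$mask" 666)," \
     "directories $(effective_mode "$mask" 777)"
echo "child of a shell with umask 077 sees: $(child_umask 077)"
echo "this shell per /proc: $(proc_umask $$ || true)"
rm -f "$unit"
```

To audit a running service, pass its main PID to `proc_umask` and compare the result with the `UMask=` its unit declares.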