Umask
関連記事
umask ユーティリティはファイル作成モードマスクを制御するのに使われます。モードマスクは新しく作成されたファイルのファイルパーミッションの初期値を決定します。このユーティリティの挙動は POSIX によって仕様化されており、POSIX のプログラマーマニュアル に解説があります。umask はシェルの実行環境に影響を与えるため、基本的にシェルのビルトインコマンドとして実装されます。
モードマスクの意味
The mode mask contains the permission bits that should not be set on a newly created file, hence it is the logical complement of the permission bits set on a newly created file. If some bit in the mask is set to 1, the corresponding permission for the newly created file will be disabled. Hence the mask acts as a filter to strip away permission bits and helps with setting default access to files.
The resulting value for permission bits to be set on a newly created file is calculated using bitwise material nonimplication (also known as abjunction), which can be expressed in logical notation:
R: (D & (~M))
That is, the resulting permissions R are the result of bitwise conjunction of default permissions D and the bitwise negation of file-creation mode mask M.
For example, let us assume that the file-creation mode mask is 027. Here the bitwise representation of each digit represents:
- 0 stands for the user permission bits not set on a newly created file
- 2 stands for the group permission bits not set on a newly created file
- 7 stands for the other permission bits not set on a newly created file
With the information provided by the table below this means that for a newly created file, for example owned by User1 user and Group1 group, User1 has all the possible permissions (octal value 7) for the newly created file, other users of the Group1 group do not have write permissions (octal value 5), and any other user does not have any permissions (octal value 0) to the newly created file. So with the 027 mask taken for this example, files will be created with 750 permissions.
| Octal | Binary | Meaning |
|---|---|---|
| 0 | 000 | no permissions |
| 1 | 001 | execute only |
| 2 | 010 | write only |
| 3 | 011 | write and execute |
| 4 | 100 | read only |
| 5 | 101 | read and execute |
| 6 | 110 | read and write |
| 7 | 111 | read, write and execute |
現在のマスクの値を表示
現在のマスクを表示するには、何も引数を付けずに umask を実行します。デフォルトの出力スタイルは実装によりますが、基本的に8進数で表示されます:
$ umask
0027
When the -S option, standardized by POSIX, is used, the mask will be displayed using symbolic notation. However, the symbolic notation value will always be the logical complement of the octal value, i.e. the permission bits to be set on the newly created file:
$ umask -S
u=rwx,g=rx,o=
マスクの値を設定
umask の値は umask コマンドで設定することができます。モードマスクを指定するのに使う文字列は chmod でモードを指定する時と同じ構文ルールに従っています (詳しくは POSIX Programmer's Manual を参照)。
(Arch を含む [2]) ほとんど Linux ディストリビューションはデフォルト値を 022 に設定しています。もしくは /etc/profile や /etc/bashrc などのデフォルトシェル設定ファイルで 002 に設定されています。
If you need to set a different value, you can either directly edit such file, thus affecting all users, or call umask from your shell's user configuration file, e.g. ~/.bashrc to only change your umask, however these changes will only take effect after the next login. To change your umask during your current session only, simply run umask and type your desired value. For example, running umask 077 will give you read and write permissions for new files, and read, write and execute permissions for new folders.
参照
- POSIX プログラマーマニュアル:
- umask (also available as
umask(1P)) - chmod (extended description) (also available as
chmod(1P))
- umask (also available as
- wikipedia:umask
- 027 umask: a compromise