Zero Signup ToolsFree browser tools

Developer Tools

Umask Calculator

Compute the default file and directory permissions for any Linux umask. Octal, symbolic, per-class breakdown, presets, warnings, and shell commands.

One to four octal digits. Three is the standard form (for example 022). A leading zero is optional.

Common umask presets

New files

0666 & ~umask

644

-rw-r--r--

chmod

chmod 644 path/to/file

New directories

0777 & ~umask

755

drwxr-xr-x

chmod

chmod 755 path/to/dir

Per-class breakdown

What each class can do with a new file. The minus rows show bits removed by the umask.

Owner

6

The user that owns the new file or directory.

Can view, modify.

  • + read (4)
  • + write (2)
  • - execute (1)

Group

4

Users in the file's group.

Can view.

  • + read (4)
  • x write (2)masked off
  • - execute (1)

Other

4

Everyone else on the system.

Can view.

  • + read (4)
  • x write (2)masked off
  • - execute (1)

Apply or persist this umask

Pick the form that matches where you want the umask to take effect. Persistence files vary by distribution, so always confirm the path on your system before editing.

Set umask for the current shell

umask 022

Applies the umask immediately. Affects every process started from this shell. Resets when the shell exits.

Persist for your user (bash)

echo "umask 022" >> ~/.bashrc

Add to ~/.bashrc so the umask is set every time a new interactive bash shell starts.

Persist for your user (zsh)

echo "umask 022" >> ~/.zshrc

Add to ~/.zshrc so the umask is set every time a new interactive zsh shell starts.

Persist system-wide

sudo sh -c 'echo "umask 022" >> /etc/profile'

Set the default umask for every login session on the host. Requires sudo. Read by PAM via pam_umask on Debian, Ubuntu, Fedora, and most modern distributions.

Symbolic form (newer shells)

umask u=rwx,g=rx,o=rx

POSIX shells also accept symbolic umasks. Sets the same effective mask using letters instead of octal.

Plain-text summary

Copy-friendly block with file mode, directory mode, and the symbolic umask.

Umask reference table

What every common umask value produces for new files and new directories.

umaskFile modeFiles symbolicDir modeDirs symbolicCommon use
022644-rw-r--r--755drwxr-xr-xDefault on most Linux distributions and macOS user shells.
002664-rw-rw-r--775drwxrwxr-xGroup-writable. Common on systems with shared group workflows.
027640-rw-r-----750drwxr-x---Restrictive. Owner full, group read, others blocked. Common on hardened servers.
077600-rw-------700drwx------Strict. Owner only. Recommended for SSH keys and home directories.
007660-rw-rw----770drwxrwx---Owner and group full access, others blocked.
000666-rw-rw-rw-777drwxrwxrwxNo bits masked. Files are world-writable. Avoid.

How umask works

Every time a Unix process creates a new file or directory, it asks the kernel for a starting permission mode. For files the default is 0666 (read and write for everyone); for directories it is 0777 (full access for everyone). The umask is a bitwise mask the kernel subtracts from that default. The resulting mode is default & ~umask. So a umask of 022 leaves files at 0666 minus the write bits for group and other, which gives 0644, and leaves directories at 0777 minus the same, which gives 0755.

The umask is per-process. Children inherit the umask of their parent shell, which is why setting umask in your shell rc file persists for every new session. Setuid, setgid, and the sticky bit are not affected by umask; they have to be set explicitly with chmod after the file is created.

How to use

  1. Type a umask into the input box. One to four octal digits are accepted, each between 0 and 7. A leading zero is optional (022 and 0022 are equivalent).
  2. Click a preset to load a common umask. 022 is the standard default; 077 is the strict owner-only setting; 027 hardens group access.
  3. Read the New files panel for the default mode in octal and symbolic form. Read the New directories panel for the directory equivalent.
  4. Toggle File or Directory in the per-class breakdown to see which read, write, and execute bits each class (owner, group, other) gets and which the umask masks off.
  5. Review the Notices panel for warnings about dangerous values like umask 000 or world-writable defaults.
  6. Use the Apply or persist this umask panel to copy a ready shell command. Pick temporary (current shell), per-user (bashrc or zshrc), or system-wide (/etc/profile), or the symbolic form for newer POSIX shells.

About this tool

Umask Calculator translates any Linux user-file-creation mask into the default permission mode the kernel will assign to new files and new directories. The umask is the bitwise complement of the bits the kernel removes from the default 0666 for files and 0777 for directories. The result is a four-part display: the resulting file mode in octal and symbolic form, the resulting directory mode in octal and symbolic form, a per-class read/write/execute breakdown that highlights which bits the umask blocks (in rose) versus which the file would still get (in emerald), and a notices panel that flags dangerous values like umask 000 (world-writable files) or any umask that leaves write open to others. Six common presets cover the umasks that account for almost every real-world server and workstation. 022 is the default on most Linux distributions and macOS user shells; 002 is the common group-writable default for shared workspaces; 027 hardens that to read-only for the group; 077 limits everything to the owner and is the recommended setting for SSH keys, home directories, and credential stores; 007 mirrors 077 but allows group full access; 000 demonstrates what no masking would produce so you can see why it is dangerous. Five copy-ready shell commands handle the most common ways to apply or persist the umask: temporarily in the current shell, persistently for the current user in bashrc or zshrc, system-wide in /etc/profile, and via the symbolic form some modern shells prefer. A full reference table shows every preset side by side with file mode, directory mode, file symbolic, directory symbolic, and a one-line use-case description so you can compare at a glance. Useful for sysadmins hardening servers, developers setting up dotfiles, DevOps engineers writing Dockerfiles, security teams auditing default permissions, students learning Linux permissions, and anyone who has googled umask 022 versus umask 077 and wants to see the actual outcome before changing their shell config. All computation runs locally in your browser; the umask you type never leaves your device.

Free to use. Works in your browser. No signup, no login.

Related tools

You may also like

All tools
Developer

Chmod Calculator

Convert chmod values between octal, symbolic (rwxr-xr-x), and clickable owner, group, and other checkboxes.

Open tool

Security

htpasswd Generator

Create htpasswd entries for Apache and Nginx basic auth, APR1-MD5 or SHA-1.

Open tool

Developer

Gitignore Generator

Build a .gitignore from curated language, framework, editor, and OS templates.

Open tool

Developer

Apache .htaccess Generator

Generate a complete Apache .htaccess with redirects, security headers, caching, and access controls.

Open tool

Developer

Nginx Config Generator

Build a production nginx server block with modern TLS, HTTP/2, HSTS, gzip, and proxy headers.

Open tool

Developer

Find Command Builder

Build a find command from a form and copy a ready-to-run one-liner.

Open tool

All toolsDeveloper Tools