coreutils: Umask and Protection
1
1 27.2.6 The Umask and Protection
1 -------------------------------
1
1 If the USERS part of a symbolic mode is omitted, it defaults to ‘a’
1 (affect all users), except that any permissions that are _set_ in the
1 system variable ‘umask’ are _not affected_. The value of ‘umask’ can be
1 set using the ‘umask’ command. Its default value varies from system to
1 system.
1
1 Omitting the USERS part of a symbolic mode is generally not useful
1 with operations other than ‘+’. It is useful with ‘+’ because it allows
1 you to use ‘umask’ as an easily customizable protection against giving
1 away more permission to files than you intended to.
1
1 As an example, if ‘umask’ has the value 2, which removes write
1 permission for users who are not in the file’s group, then the mode:
1
1 +w
1
1 adds permission to write to the file to its owner and to other users who
1 are in the file’s group, but _not_ to other users. In contrast, the
1 mode:
1
1 a+w
1
1 ignores ‘umask’, and _does_ give write permission for the file to all
1 users.
1