So I know umask can restrict privileged users, using this format umask ugo.
I understand that the read = 4, write = 2, and exec = 1. However, when I type umask, it returns 4 digits which is 0022 or 0073. I have no understanding of how does this work now because there is an extra digit. What is that extra digit and what does 0022 mean?
Answers:
Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.
Method 1
Assume the default mask of 0666. umask 0022 would make the new mask 0644 (0666-0022=0644) meaning that group and others have read (no write or execute) permissions.
The “extra” digit (the first number = 0), specifies that there are no special modes.
If mode begins with a digit it will be interpreted as octal otherwise its meant to be symbolic.
0 is a digit, as is 1 (for the sticky bit) or 6 (for SGID). A command such as chmod can be called by other methods, such as chmod ug+rw mydir where you would add the read and write permissions to user and group. Note that the mode in this case (ug+rw) does not begin with a digit, thus would not be interpretted as octal but rather symbolic.
See en.wikipedia.org/wiki/Chmod#Symbolic_examples for symbolics as well as www.lifeaftercoffee.com/2007/03/20/special-permission-modes-in-linux-and-unix/ for a bit on special modes.
I don’t know that you would unmask the first bit with umask, but technically you could. It would explain why you almost always see it as a zero.
Credit to pinkfloydx33
The first digit of the mask deals with special permissions that don’t fit quite so cleanly into the owner/group/other model. When four digits are provided for a file permission, the first refers to those special values:
4000 = SUID 2000 = SGID 1000 = sticky bit
The SUID bit, short for set-user-ID, causes an executable program to run with the effective user id (uid) of the owner — in other words, no matter who executes it, the program executes with the owner’s rights. This is commonly seen in programs that do things that require root privileges, but are meant to be run by normal users: passwd is one such example.
The SGID bit, short for set-group-ID, is very similar, but runs with the effective group id (gid) of the owner.
The sticky bit is a little more complicated, if you want more information on that, you can read the manpage for sticky.
These bits can also be used with directories, but their meanings change.
I don’t believe you can actually set the umask to allow you to enable any of these extra bits by default, but you probably would never want to do that anyways.
Credit to user470379
All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0