Understanding umask

With umask you control the default permissions of newly created files and directories. You do this by specifying which permissions you disallow to be set upon creation of the file or directory.

You can also think of umask as a gatekeeper holding a list of permissions that you are disallowed to set. Imagine a program that wants to create a folder. It appears at the gatekeeper Mr. Umask and requests to create the folder with read, write and execute permissions for owner, group and other. The program is basically saying: "I want to create a directory with permission mode 777". So the gatekeeper looks at his lists and says: "Wait! I don't allow write for group and other. Instead, I'll allow to create your directory with 755". The created directory ends up having 755, or rwxr-xr-x.

If the gatekeeper disallows write for group and other, how would the umask value look like?

It's 022.

The first digit controls user, the second group and the third other. Just as we know it from chmod's numeric mode. And just like in chmod's numeric mode, 4 stands for read, 2 for write and 1 for execute.

If you want to restrict the above further and disallow read access for other, how would the umask look like? Well, 4 means read and the third digit in the mask controls what is disallowed for other. Thus, the resulting umask would be 026.