The Umask() Function Of Os Module In Python

Name of the function:




Return Value:

The old umask Value


The Unix function umask() sets a given umask value to the current process and returns the old umask value. The umask() function is to remove specific permissions given in the umask value as a file or a directory is created.

Details of umask command in Unix:

Unix has three types of operations that are allowed on a file or a directory and three classes of users who are allowed to perform them.

They are

  • Read

  • Write

  • Execute

These operations are called modes – e.g., A file is in Read and Write mode for a user and in Read mode for a group member. There are special modes as well such as setuid, setguid and sticky bit to add to.

The three user classes include

  • An user a.k.a owner of a file or a directory

  • A group of users belonging to a user group

  • Others who are neither the owner nor the group members of a “specific” group.

Thus, the attributes related to access rights of a file or directory are

  • Special Permissions

  • User Permissions

  • Group Permissions

  • Permission for others

Once a file or directory is created these permissions can be modified using the chmod() function or the chmod command.

chmod and file permissions in UNIX

The umask command is used to remove permissions that are to be denied on a file or directory for a user as they get created from a process.

Except for special permissions like setuid, setguid and sticky bit, the read/write/execute permissions are specified for each class of users separately in chmod.

In umask command, a collection of three decimal digits are used to represent the denied operations on a file – starting from left, one decimal digit for user permissions, one decimal digit for group member permissions and one decimal digit for others.

Controlling of special permissions through umask is unheard of, though the umask command can return a value like 0022 for an existing umask. Here, the leading digit in the left usually denotes the given value is in octal.

The values of these decimal digits are given here: 0 for None, 1 for execute only, 2 for write only, 3 for write and execute, 4 for read only, 5 for read and execute, 6 for read and write and 7 for read, write and execute. e.g., 022.

Each decimal digit correspond to a three digit binary number. As a file is created, a one in this binary number as per its position removes the Read/Write/Execute permission and a zero does not not remove the Read/Write/Execute permissions.

An existing umask of 022 means 000 for user(a.k.a owner), 010 for group and 010 for others. It means do not strip owner off read/write/execute permissions, strip off group members and other users off write permissions.

How umask value is applied when a file or directory is created?


# Example Python program that uses the os.umask() function
# to set the new umask value and to print the old umask
import os

newUmask = 0o033

# Remove write and execute permissions
# for the newly created file and directories
oldUMask = os.umask(newUmask)

# Print the old umask
print("Previous umask:%o"%oldUMask)


Previous umask:22



Copyright 2023 ©