Optimizing Linux Permissions: Harnessing the Power of umask, chmod, and usermod

Pooja ManellorePooja Manellore
3 min read

Table of contents

Today, we'll dive into the powerful Linux commands umask, chmod, and usermod, focusing on how to efficiently manage file and directory permissions. As an admin, setting the correct permissions is crucial for maintaining security and functionality across your system.

Understanding umask: Predefine File Permissions

While chmod allows you to change file permissions after creation, umask lets you set default permissions before files or directories are created. This ensures that every new file or folder adheres to the admin-defined settings.

  • Root umask: 0022

  • User umask: 0002

  • Default File Permission: 666

  • Default Directory Permission: 777

For example:

  • 666 - 022 = 644 (-rw-r--r--) for files

  • 777 - 022 = 755 (drwxr-xr-x) for directories

You can check your current umask value with the command:

umask

umask -s a=rwx  # All users get read, write, execute permissions umask u+rwx,g+rwx,o+rw  # User, group, and others get specified permissions

umask u+rwx,g+rwx,o+rw  # User, group, and others get specified permissions

u means user , g means group, o means others

Once set, any new file or directory will inherit these default permissions.

Granting Special Permissions with chmod

chmod is your go-to command for setting special permissions:

  • SUID (4) - Set user ID on execution

  • GUID (2) - Set group ID on execution

  • Sticky Bit (1) - Restricts deletion to the file owner

let's see how

chmod u+s filename

you can also remove the special permission

let's see how

chmod u-s filename

you can also set permission for group but others part you can only give the sticky bit permission is nothing but the owner of the file can only remove the file

chmod o+t filename

let see how to use chmod with numerical value

chmod 2775 file name

in that 2775 place you can give any number and change the file permission and 2 is the group special permission.

Managing User Accounts with usermod

To lock the user account you can use

usermod -L username

usermod -L bhaskar

To unlock the user account you can use

usermod -U username

In order to change the shell of an existing user to no login you can use

usermod -s /sbin/nologin username

To change the shell as /bin/bash for existing user you can use

usermod -s /bin/bash

And that’s a wrap for today! By mastering these commands, you can take full control of permissions and user management on your Linux system.

If you spot any errors or have suggestions for improvement, feel free to comment—I'm always eager to learn and grow in my tech skills. Thank you, and see you next time with more Linux commands!

1
Subscribe to my newsletter

Read articles from Pooja Manellore directly inside your inbox. Subscribe to the newsletter, and don't miss out.

Linuxredhatamazon-linux

Written by

Pooja Manellore
Pooja Manellore

I have completed my B.Sc. in Computer Science in 2024 and have gained skills in Data Analytics, HTML, and CSS. I am currently advancing my expertise by learning DevOps, aiming to secure a role as a DevOps Engineer. I am eager to join a company immediately where I can apply my skills and continue growing in this field