Filter
Top Products
124 Chapter 8 Working with Users and Groups
 The following file (-) displays read, write, and executable permissions for owner (rwx),
but no permissions for group (---) or others (---):
-rwx------
 The following file (-) displays read and write, but no executable permissions for
owner (rw-), group (rw-), and others (rw-):
-rw-rw-rw-
 The following file (-) displays read, write, and executable permissions for owner (rwx),
but only read and executable for group (r-x) and others (r-x):
-rwxr-xr-x
 The following file (-) displays read, write, and executable permissions for owner (rwx),
but only read for group (r--) and others (r--):
-rwxr--r--
See the ls man page for more information about viewing permissions.
Setting the umask for Individual Users
The global umask setting determines the permissions of new files and folders created
by a local user.
$ sudo defaults write -g NSUmask -int
value
Use one of the following values to set the permission level:
The default umask setting, 022, removes group and world write permissions, but allows
group and world read permissions. With a umask setting of 027, files and folders
created by a user will not be readable by every other user on the computer, but will still
be readable by members of his assigned group. The owner of the file or folder can still
make it accessible to others by changing the permissions in the Finder’s Get Info
window or by using the chmod tool.
To set the NSUmask settings for all local users to octal 027 (decimal equivalent 23):
$ sudo defaults write /Library/Preferences/.GlobalPreferences NSUmask 23
Note: The path above refers to the .GlobalPreferences defaults domain, not to the file
.GlobalPreferences.plist, which might accidentally be filled in while using the shell
autocomplete feature.
Value Permission Level
63 (octal equivalent 077) Only the user can read newly created files.
23 (octal equivalent 027) User and members of the user’s default group can read newly
created files.
18 (octal equivalent 022) All users can read newly created files.