The primitive functions for creating files (for example, open or
mkdir) take a mode argument, which specifies the file
permissions for the newly created file. But the specified mode is
modified by the process's file creation mask, or umask,
before it is used.
The bits that are set in the file creation mask identify permissions that are always to be disabled for newly created files. For example, if you set all the "other" access bits in the mask, then newly created files are not accessible at all to processes in the "other" category, even if the mode argument specified to the creation function would permit such access. In other words, the file creation mask is the complement of the ordinary access permissions you want to grant.
Programs that create files typically specify a mode argument that includes all the permissions that make sense for the particular file. For an ordinary file, this is typically read and write permission for all classes of users. These permissions are then restricted as specified by the individual user's own file creation mask.
To change the permission of an existing file given its name, call
chmod. This function ignores the file creation mask; it uses
exactly the specified permission bits.
In normal use, the file creation mask is initialized in the user's login
shell (using the umask shell command), and inherited by all
subprocesses. Application programs normally don't need to worry about
the file creation mask. It will do automatically what it is supposed to
do.
When your program should create a file and bypass the umask for its
access permissions, the easiest way to do this is to use fchmod
after opening the file, rather than changing the umask.
In fact, changing the umask is usually done only by shells. They use
the umask function.
The functions in this section are declared in `sys/stat.h'.
umask function sets the file creation mask of the current
process to mask, and returns the previous value of the file
creation mask.
Here is an example showing how to read the mask with umask
without changing it permanently:
mode_t
read_umask (void)
{
mask = umask (0);
umask (mask);
}
However, it is better to use getumask if you just want to read
the mask value, because that is reentrant (at least if you use the GNU
operating system).
chmod function sets the access permission bits for the file
named by filename to mode.
If the filename names a symbolic link, chmod changes the
permission of the file pointed to by the link, not those of the link
itself.
This function returns 0 if successful and -1 if not. In
addition to the usual file name errors (see section File Name Errors), the following errno error conditions are defined for
this function:
ENOENT
EPERM
EROFS
EFTYPE
S_ISVTX bit (the "sticky bit") set,
and the named file is not a directory. Some systems do not allow setting the
sticky bit on non-directory files, and some do (and only some of those
assign a useful meaning to the bit for non-directory files).
You only get EFTYPE on systems where the sticky bit has no useful
meaning for non-directory files, so it is always safe to just clear the
bit in mode and call chmod again. See section The Mode Bits for Access Permission,
for full details on the sticky bit.
chmod, except that it changes the permissions of
the file currently open via descriptor filedes.
The return value from fchmod is 0 on success and -1
on failure. The following errno error codes are defined for this
function:
EBADF
EINVAL
EPERM
EROFS
Go to the first, previous, next, last section, table of contents.