3

Why is umask a $perms AND NOT $mask and not simply $perms AND $mask instead?

In other words why is there a NOT in there; why doesn't wasn't it implemented as an and mask?

As an example, 666 and 700, to give 600?

Chadddada
  • 1,680
  • 1
  • 19
  • 26
Spacen Jasset
  • 244
  • 1
  • 8

2 Answers2

5

The key is that the umask ("user mask") is intended to keep processes from creating files with permission bits they're not supposed to use. If you look at it from that perspective, the concept of a umask may make more sense; in particular, the common umask of 022 prevents processes from creating files that are writable by group or world, which is usually what you want.

Handyman5
  • 5,257
  • 26
  • 30
  • This misses the point of the question. Why is it 022 and not 0755? – Ignacio Vazquez-Abrams Jul 03 '11 at 00:46
  • 2
    No, he nailed it. You want to clear permissions bits, not *set* them. – Jodie C Jul 03 '11 at 01:30
  • Jodie, I think you missed what the OP is demonstrating in his example. He is asking why the mask isn't a representation of what a process is allowed to set (i.e. an 0755 mask would mean that, at most, a process could set group/world read and execute). It's really a question of a design decision made 50 years ago. – Kyle Smith Jul 03 '11 at 03:26
  • I know exactly what he's saying. His example isn't very good. Try an AND with a 6 and 5. It's 4! Try doing that in your head. Now do 6 NOT AND 2... well that's easy, 6-2 = 4. Easier on the operator to set the bits to be cleared. – Jodie C Jul 03 '11 at 04:54
  • 1
    I think I see, therefore the way it works was entirely a conceptual decision - to mark permissions that aren't allowed rather than mark permissions that are allowed. I always considered it confusing and the wrong way around. – Spacen Jasset Jul 03 '11 at 09:31
  • I believe it was intended more as a security measure; setting the umask ensures that processes you ran would behave properly on a system where not all of the users could be implicitly trusted, regardless of how they were written. – Handyman5 Jul 03 '11 at 17:55
  • 1
    Unix is not yet 50 years old. – JdeBP Jul 04 '11 at 13:06
  • And the fact that M. Vazquez-Abrams above erroneously wrote 0755 rather than 07755 should, if pondered enough, lead thinking in a more profitable direction. ☺ – JdeBP Jul 04 '11 at 13:16
  • @JdeBP Ayy! I'm comin at you live from the year 2018 and bro first of all you wouldn't believe who they elected President of the USA. I'd tell you but you wouldn't believe it. And I'm sorry to say there are *still* no flying cars but son listen **they legalized it**! They fuxxin legalizing it everywhere! Praise be to Jesus! Not only that, but here we are, rolling up super quick on **FIFTY YEARS OF UNIX** if you count development starting in '69. And let's be real for a minute and just recognize that Real Programmers always count time starting in '69 anyway. Represent! – L0j1k May 21 '18 at 10:30
3

The input value is octal which may require a leading 0 to be parsed correctly. As the owner mask is almost always 0 the mask can be entered with three digits. As an AND mask, it would need to be entered as 0755 or 0750.

Defining it as an AND NOT operation makes it safer if characters are missed in the mask. If umask was and AND operation umask 5 would allow only limited world access and umask 0 would be even worse. umasq 75 parsed as a decimal value would be be effectively umask 113 which would not allow read acces.

EDIT: From another perspective, the mask is a list of the bits you want masked off. Therefore you want masks like 026 rather than 0751. Internal representation may well be 07751 or what ever is appropriate for ANDing. If not, the conversion is relatively trivial, and in the grand scheme of things the mask doesn't get applied that often.

BillThor
  • 27,737
  • 3
  • 37
  • 69