My "umask" output is "022"- why can't I execute a file I just created without "chmod"?

Question

I have a brand-new file called ./foo, which looks like this:

#!/usr/bin/env bash

echo 'Hello world'

The output of the umask command looks like so:

$ umask -S
u=rwx,g=rx,o=rx

$ umask
022

Yet, when I try to execute the brand-new file (no chmod yet), I get the following:

$ ./foo

zsh: permission denied: ./foo

For what it's worth, I get the same thing when I open a bash shell:

$ bash

The default interactive shell is now zsh.
To update your account to use zsh, please run `chsh -s /bin/zsh`.
For more details, please visit https://support.apple.com/kb/HT208050.

bash-3.2$ ./foo

bash: ./foo: Permission denied

And when I inspect the file's permissions with ls -l, it also appears to not be executable:

$ ls -l foo

-rw-r--r--  1 richiethomas  staff  40 Mar  3 10:11 foo

When I chmod the file, however, it works as expected:

$ chmod +x foo

$ ./foo
Hello world

$ ls -l foo
-rwxr-xr-x  1 richiethomas  staff  40 Mar  3 10:11 foo

Using this document as a source, I learned that a umask value of 022 means "Owner has all permissions. Everyone else can read and execute, but not write."

If umask is telling me that a file's creator (i.e. me) should be able to execute the file by default, why am I not in fact able to do so?

Answer 1

The only way I know to make a file executable immediately on creation without using hidden steps (like in a function or script) is to create it by copying another file that is already executable. You could use this to make a base template, then edit the file as needed.

$ echo echo hi > a
$ ./a
-bash: ./a: Permission denied
$ chmod +x a
$ ./a
hi
$ cp a b
$ ./b
hi

...but in general, the default behaviors are always there for a reason. Please think about those reasons before changing them. I'm not saying you shouldn't customize your environment however is needed, just that you should be aware of the possible consequences in the specific context. This might save you a bit of time and a few spoons on a dev sandbox, but don't let it go to a company prod system without really thinking it through.

Answer 2

The umask value that you have does reflect the final permissions of your newly created file.

I learned that a umask value of 022 means "Owner has all permissions. Everyone else can read and execute, but not write."

This is incorrect, umask of 022 tells you that newly created files are readable by everyone, but only writable by the owner.

Indeed, default file permission is 666 upon creation and the 022 will set it to 644 which is what you end up with

$ umask
022

$ touch file.txt
$ stat -c "%a" file.txt
644

$ ls -la
.rw-r--r-- someuser file.txt

If you want to make a file executable by default by exploiting umask, then there is no way to achieve that because the default value upon creation is 666, and for a file to be executable by owner, you would need at least 766.

To give it execution rights you have to use chmod as you did in your OP

$ chmod 744 file.txt
$ ls -la
.rwxr--r-- someuser file.txt

There are some good explanations here on how umask works if you want to dig deeper into this.

If you want to create a file and make it executable with a single command, you could create a function like this in ~/.utils.sh

function touch_rwx() {
    touch $1
    chmod 744 $1
}

You could then source the .sh file and this is the outcome

$ touch_rwx file.txt
$ ls -la
.rwxr--r-- file.txt

If you use this frequently, I would suggest to add .utils.sh in your PATH so that you can use it whenever you want in all your newly created shell sessions.