{{Header}}
{{Title
|title=umask
}}
{{#seo:
|description=This article explains how umask hardening can cause file permission issues when copying files, with step-by-step instructions to reproduce and resolve the problem.
|image=Umask-clipart.svg
}}
[[File:Umask-clipart.svg|thumb]]
{{intro|
Due to the [[Dev/Strong_Linux_User_Account_Isolation#umask_hardening|umask hardening]] security feature, a usability issue may arise where file permissions are more restrictive than expected.

This guide demonstrates how to reproduce the issue and provides solutions to mitigate it.
}}

= Steps to reproduce =

'''1.''' Create the file <code>testfile</code>.

{{CodeSelect|code=
touch -- testfile
}}

'''2.''' Copy the file using <code>cp</code>.

{{CodeSelect|code=
sudo -- cp -- testfile /etc/testfile
}}

'''3.''' View file permissions.

* A) <code>ls</code>
** {{CodeSelect|code=
ls -la -- /etc/testfile
}}
* B) [[chmod-calc]]:
** {{CodeSelect|code=
chmod-calc /etc/testfile
}}

= Expected <code>ls</code> result =

Readable by "others" ("public")

<pre>
-rw-r--r-- 1 root root 0 May 11 10:54 /etc/testfile
</pre>

= Actual <code>ls</code> result =
Unreadable by "others"

<pre>
-rw-r----- 1 root root 0 May 11 10:54 /etc/testfile
</pre>

= Explanation =
This behavior occurs because the file <code>testfile</code> was initially created with restrictive permissions, making it unreadable by "others". When the file is copied, those permissions are preserved by default.

The <code>cp</code> command retains the original file's mode (permissions) unless otherwise instructed. To prevent this, use the <code>--no-preserve=mode</code> option.

= Solutions =

Use <code>cp</code> with the <code>--no-preserve=mode</code> option to avoid inheriting the original permissions.

{{CodeSelect|code=
sudo -- cp --no-preserve=mode -- testfile /etc/testfile
}}

Or, if the file has already been copied, adjust its permissions manually using <code>chmod</code>:

{{CodeSelect|code=
sudo -- chmod o+r -- /etc/testfile
}}

{{reflist|close=1}}
{{Footer}}
[[Category:Design]]