umask

Intro

umask - set file mode creation mask

Description

The umask system call sets the calling process's file mode creation mask (umask) to mask and returns the previous value of the mask. The umask determines the file permission bits of newly created files. A process calls umask before creating new files and directories so that they are created with the intended mode. When a file or directory is created, the mode argument of the creating call is bitwise-ANDed with the complement of the process's file mode creation mask (as returned by a call to umask). This turns off the specified bits in the file permission, restricting the permissions of newly created files.

The umask is meant to be used defensively, so that no unintended consequences arise from unexpected permissions. It should not be used to relax constraints. Allowing a process to execute arbitrary external code with arbitrary permissions is a security risk.

Arguments

  • mask:mode_t[K] - The new file mode creation mask, or 0 for no change. The bit pattern of the mask is CNMSFU, where S is the set-user-ID and F is the set-group-ID permission bit.

Available Tags

  • K - Originated from kernel-space.

Hooks

sys_umask

Type

Tracepoint.

Purpose

Tracking the umask modifications of a process over time.

Example Use Case

The umask event can be used to monitor changes to the file mode creation mask of a process. It can be used to verify that the process only sets the file mode creation mask to pre-defined values, and that no unintended consequences arise from unexpected permissions.
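The masking rule from the Description and the pre-defined-values check from this use case, as an added example (not Tracee code). The function names and the 0022 policy threshold are assumptions chosen for illustration; the file is created in a scratch directory under /tmp.

```c
#define _POSIX_C_SOURCE 200809L /* for mkdtemp() */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Mode a new file ends up with: requested bits with the umask bits cleared. */
static mode_t effective_mode(mode_t requested, mode_t mask) {
    return requested & ~mask & 0777;
}

/* Hypothetical policy for umask events: flag (return 1) any mask that
 * leaves group- or other-write enabled on newly created files. */
static int mask_is_permissive(mode_t mask) {
    return (mask & 0022) != 0022;
}

/* Create a file with mode 0666 under `mask` and return the permission bits
 * the kernel actually applied, or (mode_t)-1 on error. */
static mode_t create_under_mask(mode_t mask) {
    char dir[] = "/tmp/umask_demo_XXXXXX";
    char file[64];
    struct stat st;
    mode_t result = (mode_t)-1;
    if (!mkdtemp(dir))                 /* private scratch directory */
        return result;
    snprintf(file, sizeof file, "%s/f", dir);
    mode_t old = umask(mask);          /* returns the previous mask */
    int fd = open(file, O_CREAT | O_EXCL | O_WRONLY, 0666);
    umask(old);                        /* restore the caller's mask */
    if (fd >= 0) {
        if (fstat(fd, &st) == 0)
            result = st.st_mode & 0777;
        close(fd);
        unlink(file);
    }
    rmdir(dir);
    return result;
}

int main(void) {
    const mode_t masks[] = {0077, 0027, 0022, 0002, 0000};
    for (size_t i = 0; i < sizeof masks / sizeof masks[0]; i++)
        printf("umask %04o: predicted %04o, on disk %04o%s\n",
               (unsigned)masks[i], (unsigned)effective_mode(0666, masks[i]),
               (unsigned)create_under_mask(masks[i]),
               mask_is_permissive(masks[i]) ? "  [flag]" : "");
    return 0;
}
```

Because umask returns the previous value, the helper can restore the caller's mask immediately after the file is created.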

Issues

Using umask to relax constraints can be a security risk. Allowing a process to execute arbitrary external code with arbitrary permissions is a breach of security.

Related Events

  • chmod() - used to change the permission of a file or directory.
  • stat() - used to get the file mode of a file or directory.

This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.