umask: The Permission Subtractor Nobody Thinks About Until It's Wrong


    umask is the Unix mechanism for setting default permissions on newly created files — a bitmask that’s subtracted from the maximum permissions a new file could have. Set it right and your files emerge with sensible permissions; set it wrong and you’re creating world-writable files in your home directory without noticing. The command exists in every shell, is set in login scripts, and is ignored by virtually every developer until a security audit or a confused colleague points out that their application has been creating world-readable log files containing credentials for eighteen months. The name — user file-creation mask — is accurate if you understand bitwise operations and a minor obstacle if you don’t. Most people learn what their umask should be, set it, and never think about it again, which is probably the intended experience.
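The "subtraction" described above is a bitwise clear (requested mode AND NOT mask), which matches arithmetic subtraction only when every mask bit is also set in the requested mode. The following added example (not from the original article) creates a file and a directory under several masks, compares the on-disk modes with that rule, and shows that a file created with an explicit 0600 mode stays private whatever the umask is. The file names and helper names are assumptions made for the illustration.

```python
import os
import stat
import tempfile

FILE_REQ = 0o666  # what open()/touch/shell redirection request for a new file
DIR_REQ = 0o777   # what mkdir requests for a new directory


def predicted(requested: int, mask: int) -> int:
    """Kernel rule: clear every bit set in the mask (requested AND NOT mask)."""
    return requested & ~mask & 0o777


def naive_subtract(requested: int, mask: int) -> int:
    """Literal arithmetic subtraction, shown only to contrast with predicted()."""
    return requested - mask


def _mode(path: str) -> int:
    return stat.S_IMODE(os.stat(path).st_mode)


def created_modes(mask: int) -> tuple:
    """Create a file, a directory and an explicitly private file under `mask`
    and return their on-disk permission bits."""
    with tempfile.TemporaryDirectory() as tmp:  # created before the mask changes
        old = os.umask(mask)                    # process-wide, so restore it below
        try:
            # Hypothetical names: an ordinary log, a directory, a credentials log.
            f, d, p = (os.path.join(tmp, n) for n in ("app.log", "data", "secrets.log"))
            os.close(os.open(f, os.O_WRONLY | os.O_CREAT | os.O_EXCL, FILE_REQ))
            os.mkdir(d, DIR_REQ)
            # Mitigation: request 0600 at creation instead of trusting the umask.
            os.close(os.open(p, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600))
            return _mode(f), _mode(d), _mode(p)
        finally:
            os.umask(old)


if __name__ == "__main__":
    for mask in (0o000, 0o002, 0o022, 0o027, 0o077):
        f, d, p = created_modes(mask)
        assert (f, d) == (predicted(FILE_REQ, mask), predicted(DIR_REQ, mask))
        print(f"umask {mask:03o}: file {f:03o}  dir {d:03o}  explicit-0600 file {p:03o}  "
              f"file via subtraction {naive_subtract(FILE_REQ, mask):03o}")
```

With umask 077 the subtraction column diverges from the real file mode, because the mask's execute bits are not set in 0666 and there is nothing for them to clear.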