Every file or folder has permissions associated with it. When you create a file or folder, the umask setting determines these permissions. The permissions on a file can be represented by a number with three digits of 0-7. When you create a file, the umask value is subtracted from a default value (usually 666 for files, 777 for folders) to determine the permissions on the new file or folder. For example, the default umask of 022 results in permissions of 644 on new files and 755 on new folders: groups and other users can read the files and traverse the folders, but only the owner can make changes. For more information on permissions and their numerical representation, see this article.
When you create a file, the umask value is subtracted from this maximum permissions value to determine the permissions on the new file or folder. For example, the default umask of 022 results in permissions of 755 on new files or folders: the owner has full access, while the group and others can read and execute, but not write to the file.
System administrators may wish to set more or less restrictive umasks for their users. There are several different places in which a umask can be set, each affecting different applications.
Umask for user applications
In Mac OS X v10.5.3 and later, you can create the file /etc/launchd-user.conf with the contents "umask nnn". Do not include the quotation marks and replace nnn with the desired umask value, such as 027 or 002.
This will set the user's umask for all applications they launch, such as Finder, TextEdit, or Final Cut Pro, and control the permissions set on new files created by any of these applications.
Note: If you are using OS X Lion, you should update to OS X Lion v10.7.4 or later. Files and folders created in the Finder will then respect the user umask.
Umask for system processes
In Mac OS X v10.4 and later, create the file /etc/launchd.conf with the contents "umask nnn". Do not include the quotation marks and replace nnn with the desired umask value, such as 027 or 002.
This will set the umask for all processes. Changing this value is strongly discouraged because it changes the permissions on files used by the system software. If the permissions are too restrictive, dependent software may not work. If the permissions are too open, they may introduce security issues.
Umask for a specific LaunchAgent or LaunchDaemon
In Mac OS X v10.4 and later, advanced administrators can set a separate umask for a specific LaunchAgent or LaunchDaemon by adding a Umask value to the launchd plist file. This setting will override, for that process only, the umask setting in /etc/launchd.conf or /etc/launchd-user.conf. For more information on this option, see man launchd.plist.