Set a custom umask in macOS
Every file and folder on your Mac has a set of permissions. When you create a new file or folder, the umask determines these permissions.
These advanced steps are primarily for system administrators and others who are familiar with the command line. Be careful when you change file permissions and umasks. If you make a mistake, you can lower the security of files, folders or apps on your Mac, or prevent apps from working.
About permissions and umasks
Permissions. Every file, folder and app stored on your Mac has permission settings, which determine which user accounts can read, write to or run the file, folder or app. These permissions include POSIX permissions and Access Control Lists (ACLs). To make a user’s POSIX permissions more restrictive or less restrictive, you can adjust their umask value.
Umasks. A three-digit number can represent the POSIX permissions for a file. You may see permissions represented this way when you view them from Terminal. Each digit is between 0 and 7. When you create a file, the umask value is subtracted from a default value (usually 666 for files and 777 for folders) to determine the permissions for the new file or folder. For example, a default umask of 022 sets permissions of 644 on new files and 755 on new folders.
You can set the umask in several locations, and each location affects different apps. If you set a umask incorrectly, you may lose access to files or grant access to other users. See the MODES section of the chmod(1)
manual page for more information.
Umask for user apps
Log in as an administrator and enter the following command in Terminal, replacing nnn
with the umask value, such as 027 or 002. This command sets the user’s umask for every app they open, including apps they access from the command line and new files that those apps create. After entering this command, you may need to restart your Mac.
sudo launchctl config user umask nnn
If Terminal responds ”Could not write configuration: No such file or directory”, make sure your startup disk has a folder at /private/var/db/com.apple.xpc.launchd/config. If the config folder is missing, try again after entering the following command to create it:
sudo mkdir -m 755 /private/var/db/com.apple.xpc.launchd/config
Umask for system processes
Log in as an administrator and enter the following command in Terminal, replacing nnn
with the umask value, such as 027 or 002. This command sets the user’s umask for every daemon that they run in the system context. This is strongly discouraged because it can change the permissions for files that the system uses. Permissions that are too restrictive can prevent software from working, and permissions that are too open can introduce security issues. After entering this command, you may need to restart your Mac.
sudo launchctl config system umask nnn
If Terminal responds ”Could not write configuration: No such file or directory”, make sure your startup disk has a folder at /private/var/db/com.apple.xpc.launchd/config. If the config folder is missing, try again after entering the following command to create it:
sudo mkdir -m 755 /private/var/db/com.apple.xpc.launchd/config
Learn more
For more information about how to set a umask, enter man launchctl
in Terminal.