PHP Function Umask

php function umask is used to control the permissions which are applied by default when new files are created. The mask can be set in either octal or decimal form. It can also be padded with zeros in order to create an octal value. It is important to remember that umask only revokes permissions; it does not grant them. This means that you will still need to use chmod to grant any additional permissions that are required.

Each process has its own mask which is applied whenever it creates a file. Any process spawned from the shell inherits the mask of the shell. This means that if you umask(22) then the mask will be applied to all processes spawned by that shell, which will cause them to have 0666 permissions on all new files that they create (this can be dangerous).

Any additional masks that are applied should be remembered as they will only apply for that shell session. This means that when you restart your shell or log in again any new files or directories will be given the default permissions as chosen by your distribution (usually 002). If you use a more restrictive umask then it is recommended that you follow this with a call to chmod() to manually set the permissions on each file or directory. Otherwise you may find that your applications do not work properly. This is why the safest place to store a custom umask is in your /.profile file.

Andreas Behr - CTO of DesertCoderz
You are a developer and looking for Shopware projects?
Apply Now!

umask example


    public function __construct($options = null, $backendOptions = [])
    {
        // Self pointer needed by some other class methods         $this->smarty = $this;

        $this->start_time = microtime(true);

        if (!isset($backendOptions['cache_file_perm'])) {
            $backendOptions['cache_file_perm'] = 0666 & ~umask();
        }

        if (\is_string($backendOptions['cache_file_perm'])) {
            $backendOptions['cache_file_perm'] = octdec($backendOptions['cache_file_perm']);
        }

        if (!isset($backendOptions['hashed_directory_perm'])) {
            $backendOptions['hashed_directory_perm'] = 0777 & ~umask();
        }

        if (\is_string($backendOptions['hashed_directory_perm'])) {
            
clearstatcache(true, $dir);
                if (!is_dir($dir)) {
                    throw new \RuntimeException(sprintf('Unable to create the cache directory (%s).', $dir));
                }
            }
        } elseif (!is_writable($dir)) {
            throw new \RuntimeException(sprintf('Unable to write in the cache directory (%s).', $dir));
        }

        $tmpFile = tempnam($dirbasename($key));
        if (false !== @file_put_contents($tmpFile$content) && @rename($tmpFile$key)) {
            @chmod($key, 0666 & ~umask());

            if (self::FORCE_BYTECODE_INVALIDATION == ($this->options & self::FORCE_BYTECODE_INVALIDATION)) {
                // Compile cached file into bytecode cache                 if (\function_exists('opcache_invalidate') && filter_var(ini_get('opcache.enable'), \FILTER_VALIDATE_BOOLEAN)) {
                    @opcache_invalidate($key, true);
                } elseif (\function_exists('apc_compile_file')) {
                    apc_compile_file($key);
                }
            }

            return;
        }
$message = strip_tags($error['message'] ?? '');

            throw HTTPException::forMoveFailed(basename($this->path)$targetPath$message);
        }

        if ($this->hasMoved === false) {
            $message = 'move_uploaded_file() returned false';

            throw HTTPException::forMoveFailed(basename($this->path)$targetPath$message);
        }

        @chmod($targetPath, 0777 & ~umask());

        // Success, so store our new information         $this->path = $targetPath;
        $this->name = basename($destination);

        return true;
    }

    /** * create file target path if * the set path does not exist * * @return string The path set or created. */
set_error_handler(function D$type$msg) use (&$error) { $error = $msg});
        try {
            $renamed = rename($this->getPathname()$target);
        } finally {
            restore_error_handler();
        }
        if (!$renamed) {
            throw new FileException(sprintf('Could not move the file "%s" to "%s" (%s).', $this->getPathname()$targetstrip_tags($error)));
        }

        @chmod($target, 0666 & ~umask());

        return $target;
    }

    public function getContent(): string
    {
        $content = file_get_contents($this->getPathname());

        if (false === $content) {
            throw new FileException(sprintf('Could not get the content of the file "%s".', $this->getPathname()));
        }

        

    'cdn' => [
        'backend' => 'local',
        'strategy' => 'md5',
        'liveMigration' => false,
        'adapters' => [
            'local' => [
                'type' => 'local',
                'mediaUrl' => '',
                'permissions' => [
                    'file' => [
                        'public' => 0666 & ~umask(),
                        'private' => 0600 & ~umask(),
                    ],
                    'dir' => [
                        'public' => 0777 & ~umask(),
                        'private' => 0700 & ~umask(),
                    ],
                ],
                'root' => realpath(__DIR__ . '/../../../'),
            ],
            'ftp' => [
                'type' => 'ftp',
                
$filename = $this->filesystem->tempnam($dirname, 'foo', '0');
        $this->assertStringEndsWith('0', $filename);
        $this->assertFileExists($filename);
    }

    public function testDumpFile()
    {
        $filename = $this->workspace.\DIRECTORY_SEPARATOR.'foo'.\DIRECTORY_SEPARATOR.'baz.txt';

        // skip mode check on Windows         if ('\\' !== \DIRECTORY_SEPARATOR) {
            $oldMask = umask(0002);
        }

        $this->filesystem->dumpFile($filename, 'bar');
        $this->assertFileExists($filename);
        $this->assertStringEqualsFile($filename, 'bar');

        // skip mode check on Windows         if ('\\' !== \DIRECTORY_SEPARATOR) {
            $this->assertFilePermissions(664, $filename);
            umask($oldMask);
        }
    }

        $options['env_var_name'] ??= 'APP_ENV';
        $debugKey = $options['debug_var_name'] ??= 'APP_DEBUG';

        $debug = $options['debug'] ?? $_SERVER[$debugKey] ?? $_ENV[$debugKey] ?? true;

        if (!\is_bool($debug)) {
            $debug = filter_var($debug, \FILTER_VALIDATE_BOOL);
        }

        if ($debug) {
            umask(0000);
            $_SERVER[$debugKey] = $_ENV[$debugKey] = '1';

            if (false !== $errorHandler = ($options['error_handler'] ?? BasicErrorHandler::class)) {
                $errorHandler::register($debug);
                $options['error_handler'] = false;
            }
        } else {
            $_SERVER[$debugKey] = $_ENV[$debugKey] = '0';
        }

        $this->options = $options;
    }

    private function resolveFilePermissions(array $permissions)
    {
        $options = new OptionsResolver();

        $options->setDefined(['public', 'private']);

        $options->setAllowedTypes('public', 'int');
        $options->setAllowedTypes('private', 'int');

        $options->setDefault('public', 0666 & ~umask());
        $options->setDefault('private', 0600 & ~umask());

        return $options->resolve($permissions);
    }

    /** * @return array */
    private function resolveDirectoryPermissions(array $permissions)
    {
        $options = new OptionsResolver();

        
if (\is_array($report) && str_contains($report['message'], 'error code(1314)')) {
                    self::$symlinkOnWindows = false;
                }
            } else {
                @unlink($targetDir);
            }
        }
    }

    protected function setUp(): void
    {
        $this->umask = umask(0);
        $this->filesystem = new Filesystem();
        $this->workspace = sys_get_temp_dir().'/'.microtime(true).'.'.mt_rand();
        mkdir($this->workspace, 0777, true);
        $this->workspace = realpath($this->workspace);
    }

    protected function tearDown(): void
    {
        if (!empty($this->longPathNamesWindows)) {
            foreach ($this->longPathNamesWindows as $path) {
                exec('DEL '.$path);
            }
'inline_class_loader' => $inlineClassLoader,
            'build_time' => $container->hasParameter('kernel.container_build_time') ? $container->getParameter('kernel.container_build_time') : time(),
            'preload_classes' => array_map('get_class', $this->bundles),
        ]);

        $rootCode = array_pop($content);
        $dir = \dirname($cache->getPath()).'/';
        $fs = new Filesystem();

        foreach ($content as $file => $code) {
            $fs->dumpFile($dir.$file$code);
            @chmod($dir.$file, 0666 & ~umask());
        }
        $legacyFile = \dirname($dir.key($content)).'.legacy';
        if (is_file($legacyFile)) {
            @unlink($legacyFile);
        }

        $cache->write($rootCode$container->getResources());
    }

    /** * Returns a loader for the container. */

        $config = \HTMLPurifier_Config::createDefault();

        if ($this->cacheDir !== '') {
            $config->set('Cache.SerializerPath', $this->cacheDir);
        }

        if (!$this->cacheEnabled) {
            $config->set('Cache.DefinitionImpl', null);
        }

        $config->set('Cache.SerializerPermissions', 0775 & ~umask());

        return $config;
    }

    /** * @param array<string, array<string>> $options */
    private function getConfig(array $options, bool $override, ?string $field): \HTMLPurifier_Config
    {
        $config = $this->getBaseConfig();

        
set_error_handler(function D$type$msg) use (&$error) { $error = $msg});
            try {
                $moved = move_uploaded_file($this->getPathname()$target);
            } finally {
                restore_error_handler();
            }
            if (!$moved) {
                throw new FileException(sprintf('Could not move the file "%s" to "%s" (%s).', $this->getPathname()$targetstrip_tags($error)));
            }

            @chmod($target, 0666 & ~umask());

            return $target;
        }

        switch ($this->error) {
            case \UPLOAD_ERR_INI_SIZE:
                throw new IniSizeFileException($this->getErrorMessage());
            case \UPLOAD_ERR_FORM_SIZE:
                throw new FormSizeFileException($this->getErrorMessage());
            case \UPLOAD_ERR_PARTIAL:
                throw new PartialFileException($this->getErrorMessage());
            
return false;
            }

            if (false === @rename($tmpFile$path)) {
                @unlink($tmpFile);

                return false;
            }
        }

        @chmod($path, 0666 & ~umask());

        return true;
    }

    /** * @return string */
    public function getPath(string $key)
    {
        return $this->root.\DIRECTORY_SEPARATOR.substr($key, 0, 2).\DIRECTORY_SEPARATOR.substr($key, 2, 2).\DIRECTORY_SEPARATOR.substr($key, 4, 2).\DIRECTORY_SEPARATOR.substr($key, 6);
    }

    

    public function write(string $content, array $metadata = null)
    {
        $mode = 0666;
        $umask = umask();
        $filesystem = new Filesystem();
        $filesystem->dumpFile($this->file, $content);
        try {
            $filesystem->chmod($this->file, $mode$umask);
        } catch (IOException) {
            // discard chmod failure (some filesystem may not support it)         }

        if (null !== $metadata) {
            $filesystem->dumpFile($this->getMetaFile()serialize($metadata));
            try {
                


        // Will create a temp file with 0600 access rights         // when the filesystem supports chmod.         $tmpFile = $this->tempnam($dirbasename($filename));

        try {
            if (false === self::box('file_put_contents', $tmpFile$content)) {
                throw new IOException(sprintf('Failed to write file "%s": ', $filename).self::$lastError, 0, null, $filename);
            }

            self::box('chmod', $tmpFilefile_exists($filename) ? fileperms($filename) : 0666 & ~umask());

            $this->rename($tmpFile$filename, true);
        } finally {
            if (file_exists($tmpFile)) {
                self::box('unlink', $tmpFile);
            }
        }
    }

    /** * Appends content to an existing file. * * @param string|resource $content The content to append * @param bool $lock Whether the file should be locked when writing to it * * @return void * * @throws IOException If the file is not writable */
Home | Imprint | This part of the site doesn't use cookies.