umask() does not directly set file or directory permissions; instead, it supplies a mask that limits which permission bits a newly created file or directory can receive. Every file and directory is created with a default requested mode, usually 666 for files and 777 for directories. The system applies a bitwise AND between that mode and the complement of the umask (mode & ~umask), so every bit set in the umask is cleared from the actual permissions.
For example, applying a umask value to the default directory permissions of 777:
Default directory permissions: 777
umask value: 022
The result is 755, meaning the directory permissions are rwxr-xr-x.
In PHP, you can set the process umask using the umask() function. Once set, any files or directories created by PHP will follow this umask. Typically, the umask should be set before creating a directory.
For example, the following code sets the umask to 0022, so directories created by PHP will have 755 permissions:
```php
// Set umask
umask(0022);

// Create directory
mkdir('new_directory');
```
In this example, the mkdir() function creates a directory with 755 permissions. The default 777 permissions with the bits of the umask 022 cleared give the final directory permissions of 755.
When setting directory permissions, especially in public or shared server environments, overly permissive settings can create security risks. For example, setting a directory to 777 (fully open) allows anyone to read, write, and execute its contents, which is unsafe in many cases. To avoid such issues, it is recommended to use more conservative permissions, such as 755 or 750.
It is important to note that the mask set by umask() only affects files or directories created by the current process. Existing files or directories are not affected. To modify permissions of already created files or directories, use the chmod() function.
```php
chmod('existing_directory', 0755);
```
In some PHP configurations (such as when Safe Mode is enabled or open_basedir is set), file and directory operations may be restricted. Even if you set permissions using umask(), these settings may impose limitations. Therefore, extra caution is required when using umask() in such environments.
In a web application that supports file uploads, uploaded files often require specific permissions. Using umask() allows control over file permissions at creation. For example, when handling user uploads, setting an appropriate umask ensures the files are not overly permissive:
```php
// Set umask to prevent files from having 777 permissions
umask(0022);

// Handle uploaded file
// $tmp_name is the temporary path PHP reports in $_FILES;
// $destination is the final path chosen by the application.
move_uploaded_file($tmp_name, $destination);
```
Web applications often use cache directories to store temporary data. To prevent malicious modification of these directories, an appropriate umask ensures they have correct permissions.
```php
// umask 0002 clears only the write bit for others,
// so the requested 0775 mode is applied unchanged
umask(0002);
mkdir('/path/to/cache', 0775);
```
In this example, the cache directory is created with 775 permissions, allowing read and write access only to the owner and group members, while others cannot modify its contents.
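The following added example (not code from the original page) creates directories under several umask values, restores the previous umask afterwards, and checks the mode the filesystem actually recorded, falling back to chmod() if it differs. The helper names effective_mode() and mkdir_with_umask(), the temporary directory layout, and the sample cases are assumptions; a POSIX filesystem is assumed.

```php
<?php
// Added example: helper names and paths below are hypothetical.

// Effective mode = requested mode with the umask bits cleared.
function effective_mode(int $requested, int $mask): int
{
    return $requested & ~$mask & 0777;
}

// Create a directory under a temporary umask, restore the previous
// umask afterwards, and verify the mode the filesystem recorded.
function mkdir_with_umask(string $path, int $requested, int $mask): int
{
    $previous = umask($mask);          // umask() returns the old mask
    try {
        if (!mkdir($path, $requested)) {
            throw new RuntimeException("mkdir failed: $path");
        }
    } finally {
        umask($previous);              // do not leak the mask to later code
    }
    clearstatcache(true, $path);
    $actual = fileperms($path) & 0777; // drop file-type and special bits
    if ($actual !== effective_mode($requested, $mask)) {
        // The recorded mode differs from the computed one: set it explicitly.
        chmod($path, effective_mode($requested, $mask));
        clearstatcache(true, $path);
        $actual = fileperms($path) & 0777;
    }
    return $actual;
}

// Constructed sample cases: [requested mode, umask]
$cases = [[0777, 0022], [0775, 0002], [0775, 0027], [0700, 0077]];
$base = sys_get_temp_dir() . '/umask_demo_' . bin2hex(random_bytes(4));
mkdir($base, 0700);

foreach ($cases as $i => [$requested, $mask]) {
    $actual = mkdir_with_umask("$base/dir$i", $requested, $mask);
    printf("mode %04o, umask %04o -> %04o (computed %04o)\n",
        $requested, $mask, $actual, effective_mode($requested, $mask));
    rmdir("$base/dir$i");
}
rmdir($base);
```

Because the umask is process-wide, restoring it in the finally block keeps one code path's mask from silently changing the permissions of files created later in the same process.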