[ Thanks to Benjamin
D. Thomas for this link. ]
“The umask command controls the default file and directory
creation mode for newly-created files and directories. It is
recommended that you make root’s umask 077, which will disable
read, write, and execute permission for other users, unless
explictly changed using chmod.”
“The umask command can be used to determine the default file
creation mode on your system. It is the octal complement of the
desired file mode. If files are created without any regard to their
permissions settings, a user could inadvertently give read or write
permission to someone that should not have this permission.”
“The umask for the creation of new executable files is
calculated as follows:
777 Default Permissions -022 Subtract umask value, for example ----- 755 Allowed Permissions
So in this example we chose 022 as our umask. This shows us that
new executables that are created are given mode 755, which means
that the owner can read, write, and execute the binary, while
members of the group to which the binary belongs, and all others,
can only read and execute it.”