umask is a unix command that sets the default file permissions for all newly created files and directories. It can be used to control the default file permission for new files.
This little blurb assumes that you understand the numeric mode of file permissions. That is, if someone tells you to make sure a file has permission 644, you’d be able to do that.
New directories have a default permission of 777, and files have a default permission of 666. Since that is wide open to the world, we to make it more secure.
This is where the umask command can help. The umask command automatically runs a chmod on newly created files. When a new file is created, the umask is subtracted from the permissions.
If we have a umask of 022 (pretty standard on most Linux distributions). When we create new directories, they end up with permissions of 755 (777 – 022 = 755). When we create new files, they end up with default permissions of 644 (666 – 022 = 644).
Here is another example of setting a more secure umask — 027. We do this by issuing the command umask 027. Now, newly created directories have permissions 750 (777 – 027 = 750), and newly created files will have 640 (666 – 027 = 640).
umask is typically run when the user logs in to the system, and is typically found in the /etc/profile shell script. Your system may be a little different.
also see: http://www.cyberciti.biz/tips/understanding-linux-unix-umask-value-usage.html