The umask command sets or displays your default mode for creating files and directories: whether they are readable, writable, and/or executable by yourself, your group, and the world.

$ umask
0002
$ umask -S
u=rwx,g=rwx,o=rx

Let’s start with some technical talk and follow with common-sense advice. A umask is a binary (base two) value, though it is commonly presented in octal (base eight). It defines your default protection mode by combining with the octal value 0666 for files and 0777 for directories, using the binary operation NOT AND. For example, the umask 0002 yields a default file mode of 0664:

0666 NOT AND 0002
= 000110110110 NOT AND 000000000010
= 000110110110 AND 111111111101
= 000110110100
= 0664

Similarly for directories, 0002 NOT AND 0777 yields a default mode of 0775.

If that explanation seems from outer space, here are some simple recipes. Use mask 0022 to give yourself full privileges, and all others read/execute privileges only:

$ umask 0022
$ touch newfile && mkdir dir
$ ls -ld newfile dir
-rw-r--r--    1 smith smith        0 Nov 11 12:25 newfile
drwxr-xr-x    2 smith smith     4096 Nov 11 12:25 dir

Use mask 0002 to give yourself and your default group full privileges, and read/execute to others:

$ umask 0002
$ touch newfile && mkdir dir
$ ls -ld newfile dir
-rw-rw-r--    1 smith smith        0 Nov 11 12:26 newfile
drwxrwxr-x    2 smith smith     4096 Nov 11 12:26 dir

Use mask 0077 to give yourself full privileges with nothing for anyone else:

$ umask 0077
$ touch newfile && mkdir dir
$ ls -ld newfile dir
-rw-------    1 smith smith        0 Nov 11 12:27 newfile
drwx------    2 smith smith     4096 Nov 11 12:27 dir