Linux, Unix, and *nix like Operating Systems Forum

It's irrelevant, unless you are on shared hosting and want to protect your scripts from being seen by other shared hosting customers.

I hope you meant 600.

644 would give read/write permission to you, and read permission to anyone else.

The corresponding umask for 600 permissions is 0177. umask 0177 will cause all new files where permission are not explicitly set to have permission 600.

Beware of programs that explicitly set permissions! umask alone is not enough.

BTW, I always use the "modern" permission notation to avoid confusion:

chmod u=rw somefile

Sets read and write permissions for the user, and clears all others - equivalent to 600.

Unfortunately, there is no alternate syntax for the umask command.

Permissions can be set for three contexts:

User - you, your user ID
Group - your group, any user ID in your group
Other - any other user ID not in your group

Groups are rather arbitrary and can represent anything. If you are on shared hosting, you have no control over this. The group might be "customer", different customer classes, or, more securely, they might create a group for each customer equal to your user ID.

Within each context, you can control read, write, and execute permission.

In the "old style" notation system, an octal digit represents the permission bits for each of user, group, and other. A 3-digit octal number represents all of the permission bits. The bits in each digit represent read, write, and execute in that order.

0ugo, replace each of ugo with an octal digit

Within each digit:

1 = execute
2 = write
4 = read

Thus 4 = read permission
6 = read/write permission
Etc.

umask is the 1's compliment of the bits that you do NOT want to be set when you create a file with default permissions. That is, you set a bit in the umask for each permission bit you do NOT want set.

Keep in mind that this has NOTHING (OK, little) to do with whether the outside world can see your files. The outside world can see your files if your web server has permission to read the files, and is configured to allow access to the file.

Depending on how the web server is configured, you MIGHT be able to use Unix permissions to deny access to the web server. But web servers have their own permission system additionally for granting access to the outside world that has nothing to do with this, and doesn't work the same way.

And, sorry, that does point out an error in my initial response: 600 might not be appropriate on all shared hosts - depends on what user/group the web server operates as. If the server runs as root, it has access to all of your files, no matter what you do. If it doesn't run as root, you will need to grant to appropriate permissions. This is a site configuration issue which will vary, and you will just have to follow the advice of your host.