What does the command 'umask' control in a Linux system?

The command 'umask' in a Linux system specifically controls the default file permissions for newly created files and directories. When a new file or directory is created, the 'umask' value determines which permission bits will be disabled or masked out from the default permissions that would typically be assigned.

In Linux, when a new file is created, it generally receives default permissions according to specific rules (typically 666 for files and 777 for directories). The 'umask' value defines which of these permissions are not granted, effectively determining the "allowable" permissions for any new files or directories created by a user. For example, if a user has a 'umask' of 022, writable permissions for the group and others will be removed, resulting in file permissions of 644 for new files instead of the default 666.

This command is particularly useful in multi-user environments where controlling permissions can enhance security by ensuring that users do not inadvertently grant broad access rights to their files.