How to set umask for Docker container


Once you run a Docker container using docker run and get a shell inside it, you can set the file creation mode mask there with the umask command of the shell. This is usually 0022 and you can set it to whatever you want. All consecutive operations at the shell and child processes forked from the shell will have with umask.

What if you don’t want to manually type this umask command, but want it set automatically in the container?


  • Note that there is no way to do this directly in the Dockerfile. You can have a RUN umask 0002 command in the Dockerfile, but that does not have any effect for when you run the container.

  • You might think you can set this in the command that is passed at the end of a docker run like this:

$ docker run -it --rm some_image "umask 0000; /bin/bash"

This does not work either. The umask is back to the normal one in the shell. There is no other way to specify umask directly in a docker run as discussed here.

  • One solution is to create a shell script that sets this umask:
$ cat
umask 0002

To be able to run this script when the container is run, we first need to make this executable:

$ chmod +x

Next we add commands to the Dockerfile to copy this into the image and make the script as the entry point:


Build the container and run it and see your umask already enabled at the shell!

  • A final solution is to set the umask in the application you plan to run inside Docker. This is a foolproof way to ensure that the umask is obeyed.

One thought on “How to set umask for Docker container

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.