Information
The umask of the ftp service should be set to at least 027 in order to prevent the FTP daemon process from creating world-accessible, group-writeable files by default.
Rationale:
The umask of the ftp service should be set to at least 027 in order to prevent the FTP daemon process from creating world-accessible and group-writeable files by default. These files could then be transferred over the network which could result in compromise of the critical information.
Solution
Set the default umask of the ftp daemon:
[[ $(grep -c '^ftp[[:blank:]]' /etc/inetd.conf) -gt 0 ]] && chsubserver -c -v ftp -p tcp 'ftpd -l -u 027' && refresh -s inetd || RC=0'
NOTE: The umask above restricts write permissions for both group and other. All access for other is removed.
Default Value:
/usr/sbin/ftpd ftpd -l