7.6 Set Default umask for Users, Check if 'UMASK' is set to 077.

Information

The default umask(1) determines the permissions of files created by users. The user creating the file has the discretion of making their files and directories readable by others via the chmod(1) command. Users who wish to allow their files and directories to be readable by others by default may choose a different default umask by inserting the umask command into the standard shell configuration files (.profile, .cshrc, etc.) in their home directories.

Solution

Please refer to the remediation steps on page 106 of the CIS document.

See Also

https://workbench.cisecurity.org/files/614

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-3(4)(d)

Plugin: Unix

Control ID: 0fc8a636be06be7b5c1934f9b8bf1f425c2ed4044fccaf08f0a7052a41c05c09