7.4 Set Default File Creation Mask for FTP Users

Information

If FTP is permitted, set a strong, default file creation mask to apply to files created by the FTP server.

Many users assume that the FTP server will use their system file creation mask; generally it does not. This setting ensures that files transmitted over FTP use a strong file creation mask.

Solution

Perform the following to implement the recommended state:
# cd /etc
# if [ "`grep '^Umask' proftpd.conf`" ]; then
awk '/^Umask/ { $2 = "027" } { print }' proftpd.conf > proftpd.conf.CIS
mv proftpd.conf.CIS proftpd.conf
else
echo "Umask 027" >> proftpd.conf
fi

See Also

https://workbench.cisecurity.org/files/612

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-3(4)(d)

Plugin: Unix

Control ID: f0ebb02d563083d8e907e0d30f0117854aecb08e0f47acaba2459805616d49a5