RHEL-07-021040 - The Red Hat Enterprise Linux operating system must set the umask value to 077 for all local interactive user accounts.

Information

The umask controls the default access mode assigned to newly created files. A umask of 077 limits new files to mode 700 or less permissive. Although umask can be represented as a four-digit number, the first digit representing special access modes is typically ignored or required to be '0'. This requirement applies to the globally configured system defaults and the local interactive user defaults for each account on the system.

Solution

Remove the umask statement from all local interactive user's initialization files.

If the account is for an application, the requirement for a umask less restrictive than '077' can be documented with the Information System Security Officer, but the user agreement for access to the account must specify that the local interactive user must log on to their account first and then switch the user to the application account with the correct option to gain the account's environment variables.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_RHEL_7_V3R4_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-3(4), CAT|II, CCI|CCI-000318, CCI|CCI-000368, CCI|CCI-001812, CCI|CCI-001813, CCI|CCI-001814, Rule-ID|SV-204488r603261_rule, STIG-ID|RHEL-07-021040, STIG-Legacy|SV-86673, STIG-Legacy|V-72049, Vuln-ID|V-204488

Plugin: Unix

Control ID: 9a0caedc1215400b803d8b16f0295ada0b664cfb4fa25321d86a6937871e5415