The Photon operating system must set the "umask" parameter correctly.
| Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-256583 | SRG-OS-000480-GPOS-00228 | PHTN-30-000114 | SV-256583r991590_rule | 2024-12-16 | 1 |
Description
The "umask" value influences the permissions assigned to files when they are created. The "umask" setting in "login.defs" controls the permissions for a new user's home directory. By setting the proper "umask", home directories will only allow the new user to read and write files there.
ℹ️ Check
At the command line, run the following command:
# grep ^UMASK /etc/login.defs
Example result:
UMASK 077
If "UMASK" is not configured to "077", this is a finding.
Note: "UMASK" should only be specified once in login.defs.
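The check above as a script, added here as an example and not part of the STIG text: besides the value, it enforces the note that "UMASK" is specified only once and treats a commented-out line as unset. The names check_umask and demo and the sample files are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: audit UMASK in a login.defs-style file.
# Returns 0 when compliant, 1 on a finding; prints the reason either way.
check_umask() {
    file=${1:-/etc/login.defs}
    if [ ! -r "$file" ]; then
        echo "FINDING: cannot read $file"
        return 1
    fi
    # Count active UMASK lines. "#UMASK ..." has a different first field, so
    # commented-out entries are skipped. Unlike the anchored grep, this also
    # counts an indented UMASK line.
    count=$(awk '$1 == "UMASK" { n++ } END { print n + 0 }' "$file")
    value=$(awk '$1 == "UMASK" { print $2; exit }' "$file")
    if [ "$count" -eq 0 ]; then
        echo "FINDING: UMASK is missing or commented out in $file"
        return 1
    fi
    if [ "$count" -gt 1 ]; then
        echo "FINDING: UMASK is specified $count times in $file"
        return 1
    fi
    # Literal comparison, as the rule is written: only "077" passes.
    if [ "$value" != "077" ]; then
        echo "FINDING: UMASK is '$value', expected '077'"
        return 1
    fi
    echo "OK: UMASK 077 is set exactly once in $file"
}

# Constructed sample files (not taken from a real system) for a dry run.
demo() {
    dir=$(mktemp -d) || return 1
    printf 'PASS_MAX_DAYS 90\nUMASK 077\n' > "$dir/good"
    printf '#UMASK 077\n' > "$dir/commented"
    printf 'UMASK 022\n' > "$dir/weak"
    printf 'UMASK 022\nUMASK 077\n' > "$dir/duplicate"
    for f in good commented weak duplicate; do
        check_umask "$dir/$f" || true
    done
    rm -rf "$dir"
}
demo
```

On a real system, call `check_umask` with no argument to audit /etc/login.defs and use the exit status in a compliance job.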
✔️ Fix
Navigate to and open:
/etc/login.defs
Ensure the "UMASK" line is uncommented and set to the following:
UMASK 077