The Photon operating system must configure a secure umask for all shells.


Overview

Finding ID: V-239153
Version: PHTN-67-000082
Rule ID: SV-239153r675267_rule
IA Controls: (none listed)
Severity: Medium
Description
A user's umask influences the permissions assigned to files that a user creates. Setting an appropriate umask is important to make sure that information is not exposed to unprivileged users.
STIG: VMware vSphere 6.7 Photon OS Security Technical Implementation Guide
Date: 2022-01-03

Details

Check Text (C-42364r675265_chk)
At the command line, execute the following command:

# cat /etc/profile.d/umask.sh

Expected result:

# By default, the umask should be set.
if [ "$(id -gn)" = "$(id -un)" -a $EUID -gt 99 ] ; then
umask 002
else
umask 027
fi

If the output does not match the expected result, this is a finding.
Fix Text (F-42323r675266_fix)
Open /etc/profile.d/umask.sh with a text editor.

Set the contents as follows:

# By default, the umask should be set.
if [ "$(id -gn)" = "$(id -un)" -a $EUID -gt 99 ] ; then
umask 002
else
umask 027
fi
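
A scripted version of the check, added here as an example and not part of the STIG text: it compares a file with the expected result and shows the file permissions each umask branch produces. The function names are hypothetical, and the comparison assumes that indentation, trailing whitespace and blank lines are not significant.

```shell
#!/bin/sh
# Added example: scripted form of the manual check above.
# Assumption: indentation, trailing whitespace and blank lines are not
# significant when comparing a file with the expected result.

# Expected contents, copied from the Check Text.
expected_umask_sh() {
cat <<'EOF'
# By default, the umask should be set.
if [ "$(id -gn)" = "$(id -un)" -a $EUID -gt 99 ] ; then
umask 002
else
umask 027
fi
EOF
}

# Trim each line and drop blank lines so only the content is compared.
normalize() {
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d'
}

# Returns 0 (not a finding) when the file matches, 1 (finding) otherwise.
check_umask_file() {
    file=${1:-/etc/profile.d/umask.sh}
    if [ ! -r "$file" ]; then
        echo "finding: $file is missing or unreadable"
        return 1
    fi
    if [ "$(normalize < "$file")" = "$(expected_umask_sh | normalize)" ]; then
        echo "not a finding: $file matches the expected result"
        return 0
    fi
    echo "finding: $file differs from the expected result"
    return 1
}

# Create a file under the given umask in a scratch directory and print its
# permission string, to show what each branch of the script grants.
mode_under_umask() {
    dir=$(mktemp -d) || return 1
    ( umask "$1" && : > "$dir/probe" ) || { rm -rf "$dir"; return 1; }
    ls -l "$dir/probe" | cut -c1-10
    rm -rf "$dir"
}

# Check every file named on the command line (none given: define functions only).
for f in "$@"; do check_umask_file "$f"; done
```

Pass `/etc/profile.d/umask.sh` as the argument to run the check after applying the fix. `mode_under_umask 027` prints `-rw-r-----` and `mode_under_umask 002` prints `-rw-rw-r--`.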