← Back to Solaris 11 SPARC Security Technical Implementation Guide

V-216341

CAT II (Medium)

The default umask for system and users must be 077.

Rule ID

SV-216341r959010_rule

STIG

Solaris 11 SPARC Security Technical Implementation Guide

Version

V3R5

CCIs

CCI-000366

Discussion

Setting a very secure default value for umask ensures that users make a conscious choice about their file permissions.

Check Content

The root role is required.

Determine if the default umask is configured properly.

# grep -i "^UMASK=" /etc/default/login

If "UMASK=077" is not displayed, this is a finding.

Check local initialization files:
# cut -d: -f1 /etc/passwd | xargs -n1 -iUSER sh -c "grep umask ~USER/.*"

If this command does not output a line indicating "umask 077" for each user, this is a finding.

Fix Text

The root role is required.

Edit local and global initialization files containing "umask" and change them to use 077.

# pfedit /etc/default/login

Insert the line
UMASK=077

# pfedit [user initialization file]

Insert the line
umask 077