Title

The operating system must define default permissions for all authenticated users in such a way that the user can only read and modify their own files. (Cat II impact)

Discussion

Setting the most restrictive default permissions ensures that when new accounts are created they do not have unnecessary access. Satisfies: SRG-OS-000480-GPOS-00228

Check Content

Verify the operating system defines default permissions for all authenticated users in such a way that the user can only read and modify their own files. If it does not, this is a finding. $ grep umask /etc/login.conf Ensure the umask is set to 077 or more restricted. $ grep umask /etc/profile Ensure the /etc/login.conf umask isn't overridden.

Fix Text

Configure the operating system to define default permissions for all authenticated users in such a way that the user can only read and modify their own files.

Additional Identifiers

Rule ID:

Vulnerability ID: V-2280

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.