Detections
Analytics

5.4.3.6 Ensure the operating system defines default permissions for all authenticated users in such a way that the user can only read and modify their own files

Information

The operating system must define default permissions for all authenticated users in such a way that the user can only read and modify their own files.

Setting the most restrictive default permissions ensures that when new accounts are created, they do not have unnecessary access.

Solution

Configure the operating system to define default permissions for all authenticated users in such a way that the user can only read and modify their own files.

Add or edit the line for the "UMASK" parameter in "/etc/login.defs" file to "077":

UMASK 077

See Also

https://workbench.cisecurity.org/benchmarks/19886

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CAT|II, CSCv7|14.6, Rule-ID|SV-230383r627750_rule, Vuln-ID|V-230383

Plugin: Unix

Control ID: f08e8c9532736b1054a021d835612ec6c224d936761e5e7be3a55a28cf0bbaba