umask (0077)

Message

SRC_DoD · Post by **SRC_DoD** » Thu Jun 07, 2007 4:19 pm

my security requirements are that the system's default umask must be 77. by changing 022 to 077 in /etc/bashrc is this going to make the system to restrictive to function correctly?

lost+found · Post by **lost+found** » Thu Jun 07, 2007 8:13 pm

I guess you're right, that it is too restrictive, if you take a look into /etc/group... If uid's added to a group can't do anything, some processes will crash or not even start at all...

Gentoo devs did things like this for a reason:

Code: Select all

...
daemon:x:2:root,bin,daemon
sys:x:3:root,bin,adm
adm:x:4:root,adm,daemon
...

But, of course, the best way to find out is to try...

SRC_DoD · Post by **SRC_DoD** » Fri Jun 08, 2007 12:16 pm

i tried it on some redhat boxes that i was locking down, and either the umask 077 was the cause or something else in the batch of fixes broke parts of the Gnome gui for all users save root.