Revise umask in /etc/init.d/functions to use 027
As part of our configuration standard, we restrict user accounts to a 027 umask (by way of /etc/profile.d). Daemons and boot-time processes that source /etc/init.d/functions, however, get a more permissive umask of 022.
NIST recommends setting the daemon umask to 027 (RHEL5: http://nvd.nist.gov/scap/content/stylesheet/scap-rhel5-document.htm).
I would like to see the more restrictive umask used by default.
Failing that, I would like to see a way (via /etc/sysconfig?) to allow the administrator to define the system umask without having to edit /etc/init.d/functions. That file (correctly) is not identified by RPM as a configuration file, so any local changes to that file will get clobbered the next time the initscripts package is updated.
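
The gap between the 027 user umask and the 022 daemon umask described in this report can be checked on a running host. The script below is an added example, not part of the original report or of the initscripts package; it assumes a Linux kernel that exposes the Umask field in /proc/<pid>/status (4.7 and later), and the function names and sample process entries are constructed for illustration.

```shell
#!/bin/sh
# Flag processes whose umask is weaker than a required mask (default 027).
# Assumes the "Umask:" field of /proc/<pid>/status (Linux 4.7 and later).

# umask_covers ACTUAL REQUIRED: true when ACTUAL masks every bit of REQUIRED.
umask_covers() {
    case "$1$2" in *[!0-7]*) return 2 ;; esac    # reject non-octal input
    [ $(( 0$1 & 0$2 )) -eq $(( 0$2 )) ]
}

# weak_umask_procs PROC_ROOT REQUIRED: print "pid name umask" per offender.
weak_umask_procs() {
    root=${1:-/proc}
    req=${2:-027}
    for status in "$root"/[0-9]*/status; do
        [ -r "$status" ] || continue
        mask=$(sed -n 's/^Umask:[[:space:]]*//p' "$status")
        [ -n "$mask" ] || continue               # field absent on old kernels
        umask_covers "$mask" "$req" && continue
        name=$(sed -n 's/^Name:[[:space:]]*//p' "$status")
        pid=${status%/status}; pid=${pid##*/}
        printf '%s %s %s\n' "$pid" "$name" "$mask"
    done
}

# make_sample_proc DIR: build a constructed /proc-like tree for offline runs.
make_sample_proc() {
    dir=$1
    while read -r spid sname smask; do
        mkdir -p "$dir/$spid"
        printf 'Name:\t%s\nUmask:\t%s\n' "$sname" "$smask" > "$dir/$spid/status"
    done <<EOF
101 sshd 0022
102 auditd 0027
103 crond 0077
EOF
}

# With no argument, scan the constructed sample; pass /proc to audit a live host.
if [ -n "${1:-}" ]; then
    weak_umask_procs "$1" 027
else
    tmp=$(mktemp -d) && make_sample_proc "$tmp" && weak_umask_procs "$tmp" 027
    rm -rf "$tmp"
fi
```

A mask such as 077 passes the check because it clears every bit that 027 clears; only masks that leave a 027 bit unset, such as 022, are reported.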