openstack/ansible-hardening
Code Issues Proposed changes
Files
83fe89e0c8dead796f33e42d81f01f45e78a1419
ansible-hardening/doc/metadata/rhel7/RHEL-07-021060.rst
Major Hayden 83fe89e0c8 [Docs] Exception for user init file umask 
Changing user initialization files in their home directories can be
disruptive. This patch adds docs to explain that.

Implements: blueprint security-rhel7-stig
Change-Id: I4ea76bc0bb27723788d9c0425f45b0b39aceea82
2016-12-05 13:52:32 -06:00

14 lines
486 B
ReStructuredText
Raw Blame History

---
id: RHEL-07-021060
status: exception - manual intervention
tag: file_perms
---
Although the STIG requires that all local interactive user accounts have a
umask of ``077``, this change can be disruptive for users and the applications
they run. This change cannot be applied in an automated way.
Deployers should review user initialization files regularly to ensure that the
umask is not specified. This allows the system-wide setting of ``077`` to be
applied to all user sessions.
View Git Blame Copy Permalink