Ubuntu 22.04

Ubuntu 22.04 LTS default filesystem permissions must be defined in such a way that all authenticated users can read and modify only their own files

STIG ID: UBTU-22-412035 | SRG: SRG-OS-000480-GPOS-00228 | Severity: Medium | CCI: CCI-000366 | Vulnerability ID: V-260555

Description

Setting the most restrictive default permissions ensures newly created accounts do not have unnecessary access.

Check

C-64284r953476_chk

Verify Ubuntu 22.04 LTS defines default permissions for all authenticated users in such a way that the user can read and modify only their own files by using the following command:

    $ grep -i '^\s*umask' /etc/login.defs
    UMASK 077

If the "UMASK" variable is set to "000", this is a finding with the severity raised to a CAT I.

If "UMASK" is not set to "077", is commented out, or is missing, this is a finding.
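The finding rules of this check can be scripted for use across many hosts. The following is an added example, not part of the STIG text. The function name check_umask, the verdict strings and the sample files are assumptions of the example; when a file has several active UMASK lines it reports the worst one instead of assuming which line the system would honor.

```shell
#!/bin/sh
# Added example: classify the UMASK setting of a login.defs-style file
# using the finding rules from the Check text.

# Prints PASS, FINDING or FINDING_CAT_I for the file given as $1.
check_umask() {
    file=$1
    # Values of active (uncommented) UMASK lines. The key is matched
    # case-insensitively, like the "grep -i" in the Check. "|| true" keeps
    # a missing or unreadable file from aborting the caller under "set -e".
    values=$(awk 'toupper($1) == "UMASK" { print $2 }' "$file" 2>/dev/null || true)

    # Missing, commented out, or present without a value.
    if [ -z "$values" ]; then
        echo FINDING
        return 0
    fi

    verdict=PASS
    for v in $values; do
        case $v in
            000) echo FINDING_CAT_I; return 0 ;;  # severity raised to CAT I
            077) ;;                               # the required value
            *)   verdict=FINDING ;;               # any other value
        esac
    done
    echo "$verdict"
}

# Constructed sample files (not taken from a real system).
demo_dir=$(mktemp -d)
printf 'UMASK\t\t077\n'         > "$demo_dir/ok"
printf '#UMASK 077\n'           > "$demo_dir/commented"
printf 'UMASK 022\n'            > "$demo_dir/weak"
printf 'UMASK 077\nUMASK 000\n' > "$demo_dir/open"

for f in ok commented weak open; do
    printf '%-10s %s\n' "$f" "$(check_umask "$demo_dir/$f")"
done
rm -rf "$demo_dir"
```

On a live system, call check_umask /etc/login.defs; values are compared literally, as the Check text does.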

Fix

F-64192r953477_fix

Configure Ubuntu 22.04 LTS to define the default permissions for all authenticated users in such a way that the user can read and modify only their own files.

Add or modify the following line in the "/etc/login.defs" file:

    UMASK 077