Logic Change: Solaris UMASK Controls

Document created by malderman on Jul 1, 2011
Version 1

During a review of Solaris controls, we identified four CIDs that have not been converted from the "integer" data type to the "list string" data type. The current "integer" data type does not allow you to set a umask value with a leading "0" (e.g., 067). The following controls will be converted on July 15:


CID     Statement
3371    Status of the 'UMASK' setting in '/etc/profile'
3372    Status of the 'UMASK' setting in '/etc/default/login'
3374    Permissions set for the 'UMASK' setting in the '/etc/.login' directory
3589    Status of the 'defumask' setting in the '/etc/ftpd/ftpaccess' file


After the conversion, the default value will be "umask 077".  This value will also be the expected value in your policies.  If you modified your expected value from the default value of "077", you will need to update your policies.  For example, if your expected value is "277", your new expected value should be updated to "umask 277".  Since these values are now "list string" data type, you can also use regular expressions in the expected values.
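The following is an added illustration, not the vendor's code and not part of the original notice, of why a string value keeps the leading zero that an integer drops and how a regular-expression expected value can be evaluated. The sample file contents, function names and the second expected pattern are constructed, and normalizing the setting to "umask NNN" is an assumption modeled on the new default value.

```python
import re

# Constructed sample file contents (not taken from a real host).
SAMPLE_PROFILE = """\
# /etc/profile (constructed sample)
trap "" 2 3
umask 027
export PATH
"""
SAMPLE_LOGIN = """\
# /etc/default/login (constructed sample)
#UMASK=022
UMASK=067
"""

# Matches "umask 027" (shell style) and "UMASK=067" (/etc/default/login style).
# Commented-out lines do not match because the line must start with the keyword.
_UMASK_RE = re.compile(r"^\s*umask[\s=]+([0-7]{1,4})\s*(?:#.*)?$", re.IGNORECASE)

def read_umask(text):
    """Return the last active umask setting as the string 'umask NNN', or None."""
    found = None
    for line in text.splitlines():
        m = _UMASK_RE.match(line)
        if m:
            found = "umask " + m.group(1)  # digits kept as text, leading 0 intact
    return found

def as_integer(value):
    """What an integer-typed field retains of the same setting: the leading 0 is lost."""
    return int(value.split()[1])

def compliant(value, expected_patterns):
    """True if the string value fully matches any expected regular expression."""
    return value is not None and any(re.fullmatch(p, value) for p in expected_patterns)

# Hypothetical expected values: the new default, and a regex accepting 027 or 077.
EXPECTED_DEFAULT = [r"umask 077"]
EXPECTED_REGEX = [r"umask 0[27]7"]

if __name__ == "__main__":
    for name, text in (("/etc/profile", SAMPLE_PROFILE), ("/etc/default/login", SAMPLE_LOGIN)):
        value = read_umask(text)
        print(name, repr(value), "as integer:", as_integer(value),
              "passes regex policy:", compliant(value, EXPECTED_REGEX))
```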