Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
Guide to the Secure Configuration of Alibaba Cloud Linux 2
System Settings
Account and Access Control
Secure Session Configuration Files for Login Accounts
Ensure that Users Have Sensible Umask Values
Ensure that Users Have Sensible Umask Values
An XCCDF Group - A logical subset of the XCCDF Benchmark
Details
Profiles
Prose
Ensure that Users Have Sensible Umask Values
The umask setting controls the default permissions for the creation of new files. With a default
umask
setting of 077, files and directories created by users will not be readable by any other user on the system. Users who wish to make specific files group- or world-readable can accomplish this by using the chmod command. Additionally, users can make all their files readable to their group by default by setting a
umask
of 027 in their shell configuration files. If default per-user groups exist (that is, if every user has a default group whose name is the same as that user's username and whose only member is the user), then it may even be safe for users to select a
umask
of 007, making it very easy to intentionally share files with groups of which the user is a member.
Sensible umask
Enter default user umask