
Umask recommendation

andersonbw asked
Last Modified: 2013-11-17
What is the "generally accepted" recommendation for the system umask setting for an AIX 5.3 system?

Our non-technical auditors are recommending 026.

Commented:
There is no real generally accepted umask; it really depends on how secure you want to make your own system.

The default of 022 is pretty open, and will allow everyone on the system to access and list directories and read files.

For tighter security you should make the umask 027 or 077 (default is set in /etc/security/user).

Commented:
Absolute minimum is 002 - no write by unknown
Some use 027 - no write for group, no access to others.
026 has no big advantage over 027 - it gives others ability to execute your programs, which is impractical at best.
I do use 002 because users need to change some files in g+s directories, and all users are trusted to the degree to allow accessing any file when needed.
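
Added example, not part of either answer above: this script creates a file and a directory under each umask mentioned in the thread and reports the permissions they actually receive, which makes the 026 versus 027 difference visible. The function name `perms_under_umask` and the scratch directory name are made up for this illustration.

```shell
#!/bin/sh
# A umask only clears bits from the mode a program requests at creation:
# 0666 for ordinary files, 0777 for directories (and for linker output).

# perms_under_umask MASK
# Prints "<file perms> <dir perms>" in ls notation for objects created
# while MASK is in effect. The helper name is hypothetical.
perms_under_umask() {
    mask=$1
    work=${TMPDIR:-/tmp}/umaskdemo.$$            # constructed scratch path
    (umask 077; mkdir "$work") || return 1       # fails if the path exists
    (
        umask "$mask"                            # scoped to this subshell
        : > "$work/file"                         # requested mode 0666
        mkdir "$work/dir"                        # requested mode 0777
    )
    f=$(ls -ld "$work/file" | cut -c1-10)
    d=$(ls -ld "$work/dir" | cut -c1-10)
    rm -rf "$work"
    printf '%s %s\n' "$f" "$d"
}

# Compare every value discussed in the thread.
printf 'umask  file       directory\n'
for m in 002 022 026 027 077; do
    printf '%-6s %s\n' "$m" "$(perms_under_umask "$m")"
done
```

Under 026 and 027 an ordinary file comes out identical (`-rw-r-----`); the two masks differ only where execute or search bits are requested, so 026 leaves `--x` for others on new directories and on newly linked executables.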

Commented:
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.
I will leave the following recommendation for this question in the Cleanup topic area:

http:/Q_21781352.html > Split between anix1 http:#16246168 and gheist http:#16252836

Any objections should be posted here in the next 4 days. After that time, the question will be closed.

gheist
EE Cleanup Volunteer