Umask recommendation

Posted on 2006-03-20
Last Modified: 2013-11-17
What is the "generally accepted" recommendation for the system umask setting for an AIX 5.3 system?

Our non-technical auditors are recommending 026.
Question by: andersonbw
    LVL 1

    Accepted Solution

    There is no real generally accepted umask; it really depends on how secure you want to make your own system.

    The default of 022 is pretty open, and will allow everyone on the system to access and list directories and read files.

    For tighter security you should make the umask 027 or 077 (default is set in /etc/security/user).
    LVL 61

    Assisted Solution

    Absolute minimum is 002 - no write by unknown
    Some use 027 - no write for group, no access to others.
    026 has no big advantage over 027 - it gives others the ability to execute your programs, which is impractical at best.
    I do use 002 because users need to change some files in g+s directories, and all users are trusted to the degree to allow accessing any file when needed.
    LVL 61

    Expert Comment

    No comment has been added to this question in more than 21 days, so it is now classified as abandoned.
    I will leave the following recommendation for this question in the Cleanup topic area:

    http:/Q_21781352.html > Split between anix1 http:#16246168 and gheist http:#16252836

    Any objections should be posted here in the next 4 days. After that time, the question will be closed.

    EE Cleanup Volunteer
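
The umask values discussed in the answers above, applied to real objects. This is an added example, not code from any poster in the thread; the helper names `mode_under` and `report` are hypothetical, and it assumes a POSIX shell with `ls` and `cut` and a writable `$TMPDIR` or `/tmp`.

```sh
#!/bin/sh
# Added example: mode_under and report are hypothetical helper names.

# mode_under MASK KIND
# Print the rwx string of a new file (KIND=f) or directory (KIND=d)
# created while the umask is MASK. Runs in a subshell so the caller's
# umask is left untouched.
mode_under() {
    (
        umask 077                                  # keep the scratch area private
        scratch="${TMPDIR:-/tmp}/umask_demo.$$.$2"
        mkdir "$scratch" || exit 1                 # atomic; fails if the name already exists
        umask "$1"
        if [ "$2" = d ]; then
            mkdir "$scratch/t"                     # mkdir requests mode 0777
        else
            : > "$scratch/t"                       # shell redirection requests mode 0666
        fi
        ls -ld "$scratch/t" | cut -c2-10           # drop the type char, keep the 9 permission chars
        rm -rf "$scratch"
    )
}

# report: one row per umask mentioned in the thread.
report() {
    printf '%-6s %-10s %s\n' umask file directory
    for m in 002 022 026 027 077; do
        printf '%-6s %-10s %s\n' "$m" "$(mode_under "$m" f)" "$(mode_under "$m" d)"
    done
}

report
```

For ordinary files 026 and 027 produce the same mode; they differ only where the creating program requests execute bits (directories, linked binaries), which is where 026 leaves the execute/search bit set for others.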
