Bug 1412762
| Summary: | Xsession creation of XDG user directories does not honor system umask policy | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | ross tyler <retyler> |
| Component: | xdg-user-dirs | Assignee: | Ray Strode [halfline] <rstrode> |
| Status: | CLOSED ERRATA | QA Contact: | Desktop QE <desktop-qa-list> |
| Severity: | low | Docs Contact: | |
| Priority: | unspecified | | |
| Version: | 7.2 | CC: | dmoppert, dsirrine, fweimer, mclasen, rstrode, tpelka |
| Target Milestone: | rc | | |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | xdg-user-dirs-0.15-5.el7 | Doc Type: | If docs needed, set a value |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2018-04-10 15:04:37 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | | | |
| Bug Blocks: | 1420851, 1479818 | | |

Description
ross tyler
2017-01-12 17:52:38 UTC
This issue is a CAT II STIG finding for the RHEL 7 STIG. This is causing systems that must maintain STIG to fail the check.

STIG Finding[0]:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Group ID (Vulid): V-71995
Group Title: SRG-OS-000480-GPOS-00228
Rule ID: SV-86619r1_rule
Severity: CAT II
Rule Version (STIG-ID): RHEL-07-020240
Rule Title: The operating system must define default permissions for all authenticated users in such a way that the user can only read and modify their own files.

Vulnerability Discussion: Setting the most restrictive default permissions ensures that when new accounts are created, they do not have unnecessary access.

Check Content:
Verify the operating system defines default permissions for all authenticated users in such a way that the user can only read and modify their own files.

Check for the value of the "UMASK" parameter in "/etc/login.defs" file with the following command:

Note: If the value of the "UMASK" parameter is set to "000" in "/etc/login.defs" file, the Severity is raised to a CAT I.

# grep -i umask /etc/login.defs
UMASK 077

If the value for the "UMASK" parameter is not "077", or the "UMASK" parameter is missing or is commented out, this is a finding.

Fix Text: Configure the operating system to define default permissions for all authenticated users in such a way that the user can only read and modify their own files.

Add or edit the line for the "UMASK" parameter in "/etc/login.defs" file to "077":

UMASK 077

CCI: CCI-000366
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[0] http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:0842
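
An added example, not part of the bug report or of xdg-user-dirs: shell functions that apply the STIG check content quoted in the description and then flag directories whose mode keeps bits the configured umask should have cleared, which is the symptom named in the bug summary. The function names, the PASS/CAT_II/CAT_I labels and the use of GNU `stat -c %a` are assumptions of this example.

```sh
#!/bin/sh
# Added example (assumed names; not from the bug report or xdg-user-dirs).

# Classify the UMASK setting of a login.defs-style file per RHEL-07-020240.
# Prints PASS, CAT_II (finding) or CAT_I (UMASK 000).
check_login_defs_umask() {
    # Only active lines count: "#UMASK 077" has $1 == "#UMASK" and is skipped.
    values=$(awk '$1 == "UMASK" { print $2 }' "$1" 2>/dev/null)
    # Parameter missing, commented out, or present without a value.
    [ -n "$values" ] || { echo CAT_II; return 0; }
    result=PASS
    # Every active UMASK line must be 077, so the result does not depend on
    # which duplicate line the login tools would honor.
    for v in $values; do
        case $v in
            077) ;;
            000) echo CAT_I; return 0 ;;
            *)   result=CAT_II ;;
        esac
    done
    echo "$result"
}

# Print each directory whose permission bits overlap the given umask,
# i.e. it was created (or later changed) with wider access than the policy.
# Usage: dirs_violating_umask 077 "$HOME"/*/
dirs_violating_umask() {
    mask=$1
    shift
    for d in "$@"; do
        [ -d "$d" ] || continue
        mode=$(stat -c %a "$d")   # GNU stat: octal mode, e.g. 755
        # Leading 0 makes the shell read both values as octal.
        if [ $(( 0$mode & 0$mask )) -ne 0 ]; then
            echo "$d"
        fi
    done
    return 0
}
```

A directory reported by `dirs_violating_umask` on a host where `check_login_defs_umask /etc/login.defs` prints PASS means something created it without applying the login umask.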