Description of problem:
When applying the ansible or bash remediation for rule:
The file /etc/tmux.conf has permissions 600 for root user because of a previous rule.
- From ansible doc:
If mode is not specified and the destination filesystem object does not exist, the default umask on the system will be used when setting the mode for the newly created filesystem object.
- And we can see in the same STIG guide (http://static.open-scap.org/ssg-guides/ssg-rhel8-guide-stig.html#!) that umask must be set to 077:
Ensure that Users Have Sensible Umask Values Group contains 5 rules
Group Ensure that Users Have Sensible Umask Values Group contains 5 rules http://static.open-scap.org/ssg-guides/ssg-rhel8-guide-stig.html#xccdf_org.ssgproject.content_group_user_umask
Then all normal user will have a message "/etc/tmux.conf: Permission denied" and 'stuck' for 2.5 minutes when login.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. apply stig ansible role https://github.com/RedHatOfficial/ansible-role-rhel8-stig
2. login with non root user
- /etc/tmux.conf with wrong permissions
- Message "/etc/tmux.conf: Permission denied" with delay to have the prompt
- right permissions and no delay to login
PR has been opened in upstream https://github.com/ComplianceAsCode/content/pull/9080
The PR https://github.com/ComplianceAsCode/content/pull/9080 has been merged upstream.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory (scap-security-guide bug fix and enhancement update), and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.