Author: Benjamin D. Thomas
squid, mozilla, common-lisp, turqstat, slib, umb-scheme, psmisc, gtk, file,
subversion, unzip, e2fsprogs, selinux-policy-targeted, firefox, mozilla, vte,
xdelta, tvtime, dhcp, gnupg, util-linux, mc, libwnck, pcre, exim, and squid.
The distributors include, Debian, Fedora, Gentoo, and Red Hat.Using umask
The umask can be used to control the default file permission on
newly-created files. The umask command controls the default file
and directory creation mode for newly-created files and directories.
It is recommended that you make root’s umask 077, which will disable
read, write, and execute permission for other users, unless explictly
changed using chmod.
The umask command can be used to determine the default file creation
mode on your system. It is the octal complement of the desired file
mode. If files are created without any regard to their permissions
settings, a user could inadvertently give read or write permission
to someone that should not have this permission.
The umask for the creation of new executable files is calculated as
follows:
777 Default Permissions -022 Subtract umask value, for example ----- 755 Allowed Permissions
So in this example we chose 022 as our umask. This shows us that
new executables that are created are given mode 755, which means
that the owner can read, write, and execute the binary, while members
of the group to which the binary belongs, and all others, can only
read and execute it.
The umask for the creation of new text files is calculated as
follows:
666 Default Permissions -022 Subtract umask mask, for example ----- 644 Allowed Permissions
This example shows us that given the default umask of 666, and
subtracting our sample umask value of 022, new text files are
created with mode 644, which states that the owner can read and
write the file, while members of the group to which the file
belongs, and everyone else can only read the new file. Typically
umask settings include 022, 027, and 077, which is the most
restrictive. Normally the umask is set in /etc/profile, so it
applies to all users on the system. The file creation mask must
be set while keeping in mind the purpose of the account.
Permissions that are too restrictive may cause users to start
sharing accounts or passwords, or otherwise compromise security.
For example, you may have a line that looks like this:
# Set the user’s default umask
umask 033
Be sure to make root’s umask to at least 022, which will
disable write and execute permission for other users, unless
explicitly changed using chmod(1).
READ ENTIRE ARTICLE:
http://www.linuxsecurity.com/content/view/117255/141/
Debian: New Apache packages fix HTTP request smuggling | ||
8th, September, 2005
|
||
Debian: New kdelibs packages fix backup file information leak | ||
8th, September, 2005
|
||
Debian: New Apache2 packages fix several vulnerabilities | ||
8th, September, 2005
|
||
Debian: New cvs packages fix insecure temporary files | ||
9th, September, 2005
|
||
Debian: New mod_ssl packages fix acl restriction bypass | ||
12th, September, 2005
|
||
Debian: New tdiary packages fix Cross Site Request Forgery | ||
12th, September, 2005
|
||
Debian: New squid packages fix several vulnerabilities | ||
13th, September, 2005
|
||
Debian: New Mozilla packages fix several vulnerabilities | ||
13th, September, 2005
|
||
Debian: New common-lisp-controller packages fix arbitrary code injection | ||
14th, September, 2005
|
||
Debian: New turqstat packages fix buffer overflow | ||
15th, September, 2005
|
||
Debian: New centericq packages fix several vulnerabilities | ||
15th, September, 2005
|
||
Fedora Core 4 Update: slib-3a1-3.fc4 | ||
8th, September, 2005
|
||
Fedora Core 4 Update: umb-scheme-3.2-39.fc4 | ||
8th, September, 2005
|
||
Fedora Core 4 Update: psmisc-21.5-5 | ||
8th, September, 2005
|
||
Fedora Core 4 Update: glib2-2.6.6-1 | ||
8th, September, 2005
|
||
Fedora Core 4 Update: gtk2-2.6.10-1 | ||
8th, September, 2005
|
||
Fedora Core 4 Update: file-4.15-fc4.1 | ||
9th, September, 2005
|
||
Fedora Core 4 Update: subversion-1.2.3-2.1 | ||
9th, September, 2005
|
||
Fedora Core 3 Update: unzip-5.51-4.fc3 | ||
9th, September, 2005
|
||
Fedora Core 4 Update: util-linux-2.12p-9.10 | ||
9th, September, 2005
|
||
Fedora Core 4 Update: e2fsprogs-1.38-0.FC4.1 | ||
9th, September, 2005
|
||
Fedora Core 4 Update: selinux-policy-targeted-1.25.4-10.1 | ||
9th, September, 2005
|
||
Fedora Core 3 Update: e2fsprogs-1.38-0.FC3.1 | ||
9th, September, 2005
|
||
Fedora Core 4 Update: firefox-1.0.6-1.2.fc4 | ||
10th, September, 2005
|
||
Fedora Core 3 Update: firefox-1.0.6-1.2.fc3 | ||
10th, September, 2005
|
||
Fedora Core 4 Update: mozilla-1.7.10-1.5.2 | ||
10th, September, 2005
|
||
Fedora Core 3 Update: mozilla-1.7.10-1.3.2 | ||
10th, September, 2005
|
||
Fedora Core 3 Update: vte-0.11.14-3.fc3 | ||
12th, September, 2005
|
||
Fedora Core 4 Update: vte-0.11.14-3.fc4 | ||
12th, September, 2005
|
||
Fedora Core 4 Update: slib-3a1-4.fc4 | ||
12th, September, 2005
|
||
Fedora Core 4 Update: xdelta-1.1.3-17.fc4 | ||
12th, September, 2005
|
||
Fedora Core 3 Update: xdelta-1.1.3-16.fc3 | ||
12th, September, 2005
|
||
Fedora Core 4 Update: tvtime-1.0.1-0.fc4.1 | ||
12th, September, 2005
|
||
Fedora Core 4 Update: evolution-data-server-1.2.3-3.fc4 | ||
12th, September, 2005
|
||
Fedora Core 4 Update: openssh-4.2p1-fc4.1 | ||
12th, September, 2005
|
||
Fedora Core 4 Update: dhcp-3.0.2-22.FC4 | ||
13th, September, 2005
|
||
Fedora Core 3 Update: gnupg-1.2.7-1 | ||
14th, September, 2005
|
||
Fedora Core 4 Update: util-linux-2.12p-9.11 | ||
14th, September, 2005
|
||
Fedora Core 3 Update: mc-4.6.1-2.FC3 | ||
14th, September, 2005
|
||
Fedora Core 3 Update: util-linux-2.12a-24.5 | ||
14th, September, 2005
|
||
Fedora Core 4 Update: mc-4.6.1a-0.12.FC4 | ||
14th, September, 2005
|
||
Fedora Core 4 Update: libwnck-2.10.3-1 | ||
14th, September, 2005
|
||
Gentoo: X.Org Heap overflow in pixmap allocation | ||
12th, September, 2005
|
||
Gentoo: Python Heap overflow in the included PCRE library | ||
12th, September, 2005
|
||
RedHat: Moderate: pcre security update | ||
8th, September, 2005
|
||
RedHat: Moderate: exim security update | ||
8th, September, 2005
|
||
RedHat: Critical: firefox security update | ||
9th, September, 2005
|
||
RedHat: Critical: mozilla security update | ||
9th, September, 2005
|
||
RedHat: Important: XFree86 security update | ||
12th, September, 2005
|
||
RedHat: Important: xorg-x11 security update | ||
13th, September, 2005
|
||
RedHat: Important: XFree86 security update | ||
15th, September, 2005
|
||
RedHat: Important: squid security update | ||
15th, September, 2005
|
||