Which umask is more secure in Linux ( 022 or 027)?
7,872
027 is better from security perspective.
Even better is to use 077 for root.
With 027 mask, when root creates a file, it can be read and executed by users who belongs to the group of the file.
With 077 mask, only root can read write and execute files.
Why is 077 better?
- because by making files belonging to user readeable by root only, it avoids some common system administrator mistakes.
- because it's harder for an attacker to run privilege escalation only poorly written shell scripts/binaries if they can't even read it.
Related videos on Youtube
Author by
Mathews Jose
Love Coding,Debugging and learning new things. Favourite technical domains are Unix,Shell,Bash,Scripting ,Oracle,SQL,PLSQL. Main hobbies : Reading Novels, Short stories ,English Tv Shows , Movies , Music , Chess
Updated on September 18, 2022Comments
-
Mathews Jose almost 2 years
Is there any security concerns if the umask is set to 027 for root (Basically I want to know if 027 is better in security than 022 ) ?
As per my understanding 027 is a better one from security perspective . But I want to confirm this point .