The default umask for FTP users must be 077.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-216107 | SOL-11.1-040260 | SV-216107r959010_rule | | Low |
| Description |
| Setting a very secure default value for umask ensures that users make a conscious choice about their file permissions. |
| STIG | Date |
| Solaris 11 X86 Security Technical Implementation Guide | 2025-05-05 |
Details
Check Text (C-17345r372703_chk)

The package service/network/ftp must be installed for this check.

    # pkg list service/network/ftp

If the output of this command is:

    pkg list: no packages matching 'service/network/ftp' installed

no further action is required.

Determine if the FTP umask is set to 077.

    # egrep -i "^UMASK" /etc/proftpd.conf | awk '{ print $2 }'

If 077 is not displayed, this is a finding.

Fix Text (F-17343r372704_fix)

The root role is required.

    # pkg list service/network/ftp

If the output of this command is:

    pkg list: no packages matching 'service/network/ftp' installed

no further action is required.

Otherwise, edit the FTP configuration file.

    # pfedit /etc/proftpd.conf

Locate the line containing:

    Umask

Change the line to read:

    Umask 077
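
An added example, not part of the STIG text: a shell function that applies the check above to a ProFTPD configuration file and goes slightly beyond it, also flagging indented `Umask` lines inside nested sections (which the `^UMASK` anchor in the check does not match) and the directive's optional second, directory argument. The function name, the `AWK` override variable and the sample configuration are assumptions constructed for illustration; a POSIX awk is assumed.

```shell
#!/bin/sh
# Added example, not part of the STIG. check_ftp_umask is a hypothetical helper.
# Usage: check_ftp_umask FILE
#   prints a verdict; returns 0 (compliant), 1 (finding) or 2 (file unreadable)
check_ftp_umask() {
    conf=$1
    [ -r "$conf" ] || { echo "error: cannot read $conf"; return 2; }
    # AWK may be overridden to point at a POSIX awk (assumption of this example).
    "${AWK:-awk}" '
        /^[ \t]*#/ { next }                  # ignore comment lines
        tolower($1) == "umask" {             # any case, indented or not
            seen = 1
            # $2 is the file umask; an optional $3 is the directory umask
            if ($2 != "077" || (NF >= 3 && $3 != "077")) bad = bad " " NR
        }
        END {
            if (!seen)     { print "finding: no Umask directive"; exit 1 }
            if (bad != "") { print "finding: Umask not 077 on line(s):" bad; exit 1 }
            print "compliant"
        }
    ' "$conf"
}

# Constructed sample configuration (not from a real system): the top-level
# value is correct, but an indented override inside <Anonymous> is not.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ServerName "constructed example"
Umask 077
<Anonymous ~ftp>
  Umask 022
</Anonymous>
EOF
check_ftp_umask "$sample" || true
rm -f "$sample"
```

On the constructed sample, the STIG's own `egrep` pipeline prints `077` because it only sees the unindented line; the function reports line 4 as a finding.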