Servers – Verify Default User Umask

Support > Fixing Checks > Server

06 March, 2026

This check ensures that default user umask is configured to 027 or more restrictive.

The umask setting defines default permissions for newly created files and directories. A secure umask prevents unauthorized users from accessing sensitive files by default.

Check Details

Resource: Server
Check: Verify Default User Umask
Risk: Weak umask values may allow unauthorized users to read or modify files created by others.

Remediation Steps

Open a terminal session on the server with root or sudo privileges.
Edit the Bash configuration file:
```
sudo nano /etc/bash.bashrc
```
Add or modify the following line:
```
umask 027
```
Edit the global profile file:
```
sudo nano /etc/profile
```
Add or modify the following line:
```
umask 027
```
Create or edit the umask configuration file:
```
sudo nano /etc/profile.d/umask.sh
```

Add the following content:

#!/bin/bash
# Set default umask for all users
umask 027

Make the script executable:
```
sudo chmod +x /etc/profile.d/umask.sh
```
Re-login or restart the system to apply changes.
Verify the configuration again using the audit commands.

Other Articles

Servers – Verify Default User Umask

Check Details

Remediation Steps