Validating Linux umask setting

The umask setting determines the permissions of newly created files and directories. You must validate that the umask value is set to 0022 prior to installation.

About this task

IBM® Counter Fraud Management (ICFM) contains several components, which require a umask value of 0022 during installation. ICFM must also be installed using the root user ID. This combination (umask value and user ID) is the default setting for many Linux distributions. However, a local system administrator might change the umask value.
You must ensure that the umask for the root account and all newly created users is set to the system default of 0022 on all servers for the duration of the ICFM installation. After installation is completed, you can modify the umask value to be more restrictive or permissive, as required. Note that the higher the umask value, the more restrictive it is; for example, 027 is more restrictive than 022.
CAUTION:
Setting restrictive umask values greater than 022 (for example, 077) may result in installation failures or runtime errors.

Procedure

To test the default umask value for root prior to installation:

Note: Perform these steps on all servers in a three server topology.

  1. Open a Terminal window and log in as the root user, or enter sudo su root to become root. If logged in as another user, enter sudo su root -c umask.
  2. For new users only, enter the following command to create a test user: 
    useradd -m -U testumask
    Then create a new login shell to become the new user: 
    su - testumask
  3. From the Terminal prompt, enter the following command: 
    umask
  4. If the value returned is not 0022, 022, or 0002, consult your System Administrator to have the value set back to the default. On RHEL version 6.x, the default umask is stored in the /etc/bashrc file, where the umask for user accounts with UIDs of 200 and above is 002 and UIDs less than 200 (typically administrator and system accounts) is 022.
    Note: The umask value is usually set in one of the following locations:
    /etc/profile
/etc/bashrc
/etc/.bash_profile
/root/.bashrc
/root/.bash_profile
  5. Return to the root prompt and enter the following command: 
    exit
  6. For new users only, delete the test user created in Step 2 as follows: 
    userdel -r testumask