S 4.20 Restrictive allocation of attributes for Unix user files and directories

Initiation responsibility: Head of IT, IT Security Officer

Implementation responsibility: User, Administrator

The safeguards mentioned here are applicable to files and directories of the user (including email files).

The users should set the attributes of their files and directories in such a way that access by other users is prevented. If other users are to be allowed to access the files and directories, corresponding user groups should be created. For user-specific configuration files such as .profile, .exrc, .login, .cshrc, only the respective owner should have access rights.

On Unix systems, many programs use user-specific configuration files such as .exrc, .emacs, or .mailrc, which are executed automatically when the program is started and set variables and options for the user. In order to prevent Trojan horses from being installed in these files, only the respective owner should be granted access rights. The .exrc file is read before the editors ex or vi are started. If the current directory contains a file of the same name, this file is evaluated in some Unix versions. All Unix versions in use must be checked for this behaviour, since it allows operating system commands to be executed on every editor invocation.

The s-bit (setuid/setgid) should only be set if absolutely required. The s-bit must not be set for shell scripts. The s-bit should only be set upon consultation with the administrator, and the necessity must be justified and documented.

umask

The umask (user file creation mode mask) defines for each user which access-right attributes are assigned to files he/she newly creates. In /etc/profile or the user-specific $HOME/.profile files, umask = 0027 (-rw-r-----) or umask = 0077 (-rw-------) should be set so that the file attributes for newly created files only grant access rights to the creator (and possibly the group).

Email files

The attributes of the email files should be checked regularly to ensure that only the respective owner may access the files. The integrity of the attributes set for Unix user files and directories should be verified regularly, e.g. using Tripwire (see also S 4.26 Regular security checks of Unix systems).
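
A regular check of the points above (owner-only configuration files, s-bit files, umask) can be scripted. The following POSIX shell script is an added example, not part of the original safeguard text; the function names and the output tags (DOTFILE_ACCESS, SBIT, SBIT_SCRIPT, UMASK) are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit a home directory against the rules above.
# Function names and output tags are assumptions made for this example.

# Configuration files named in the text.
DOTFILES=".profile .exrc .login .cshrc .emacs .mailrc"

# Succeeds if the mask removes group write and all access for others
# (0027 and 0077 both pass; 0022 fails).
umask_is_restrictive() {
    [ $(( 0$1 & 027 )) -eq $(( 027 )) ]
}

# Prints one line per finding for the directory given as $1.
audit_home() {
    dir=$1
    # 1. Configuration files: the group/other part of the mode string
    #    (characters 5-10 of "ls -ld") must be "------".
    for name in $DOTFILES; do
        f="$dir/$name"
        [ -f "$f" ] || continue
        perms=$(ls -ld "$f" | cut -c5-10)
        [ "$perms" = "------" ] || echo "DOTFILE_ACCESS $f"
    done
    # 2. s-bit: report every setuid/setgid file; scripts are tagged
    #    separately because the s-bit must never be set on them.
    find "$dir" -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
    while IFS= read -r f; do
        if [ "$(head -c 2 "$f" 2>/dev/null)" = '#!' ]; then
            echo "SBIT_SCRIPT $f"
        else
            echo "SBIT $f"
        fi
    done
    # 3. umask of the shell that runs the audit.
    umask_is_restrictive "$(umask)" || echo "UMASK $(umask)"
}

# Run the audit when a directory is passed, e.g.: sh audit.sh "$HOME"
if [ "$#" -gt 0 ]; then audit_home "$1"; fi
```

Every SBIT line should correspond to a documented justification agreed with the administrator; an SBIT_SCRIPT line is always a violation.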

Review questions: