Merge pull request #282 from ArrayBolt3/arraybolt3/umask

Enable umask hardening
2025-08-06 15:34:20 -04:00 · 2024-12-19 00:08:56 -05:00 · 2024-12-19 00:08:56 -05:00 · 4cf5757575
commit 4cf5757575
parent 9d06341c91 1708a03e1e
3 changed files with 22 additions and 5 deletions
--- a/usr/share/pam-configs/umask-security-misc
+++ b/usr/share/pam-configs/umask-security-misc
@ -0,0 +1,8 @@
+Name: Restrict umask to 027 (by package security-misc)
+Default: yes
+Priority: 100
+Session-Type: Additional
+Session-Interactive-Only: yes
+Session:
+	[success=1 default=ignore]	pam_succeed_if.so uid eq 0
+	optional	pam_umask.so umask=027