dongs

a guest
Jul 28th, 2017
  1.  
  2. How to change the umask for daemons in Red Hat Enterprise Linux
  3. Solution Verified - Updated February 23 2013 at 9:22 PM - English
  4. Environment
  5.  
  6. Red Hat Enterprise Linux 5 and 6 (RHEL)
  7. initscripts rpm package
  8.  
  9. Issue
  10.  
  11. A security audit reports that the log files created by daemons are world-readable. They need to be made non-world-readable, in other words changed from permission 644 to permission 640.
  12.  
  13. How do we change the umask for daemons? This is not about the system umask, which can be changed in /etc/profile or /etc/bashrc, but about the umask value inherited by daemons such as httpd, postfix, etc.
  14.  
  15. Resolution
  16.  
  17. First, if the daemon for which we want to set umask 027 uses the daemon() function from the '/etc/init.d/functions' file, then changing the value in that file will take effect. But there are also daemons that do not use that function. For those, it is necessary to put a specific umask 027 line in the daemon's init script, i.e. in the /etc/rc.d/init.d/<daemon-name> file.
  18.  
  19. In both of these situations, the daemon should be restarted.
  20.  
  21. There are also certain daemons that set the umask themselves. So, if a daemon is found not to inherit the umask, further research on that daemon's init script will be necessary.
  22.  
  23. The daemon() function begins with something like the following lines. This was tested on RHEL6.
  25.  
  26. # A function to start a program.
  27. daemon() {
  28.  
  29. In the init script of httpd, the daemon function is used to start httpd:
  31.  
  32. [root@localhost ~]# grep daemon /etc/rc.d/init.d/httpd
  33. LANG=$HTTPD_LANG daemon --pidfile=${pidfile} $httpd $OPTIONS
  34.  
  35. So, changing the value in '/etc/init.d/functions' will work for this.
  36.  
  37. The init script of postfix, however, does not use that function:
  39.  
  40. [root@localhost ~]# grep daemon /etc/rc.d/init.d/postfix
  41. # Start daemons.
  42. # Stop daemons.
  43.  
  44. For this daemon, it is necessary to put umask 027 in its init script, /etc/rc.d/init.d/<daemon-name>.
  45.  
  46. Also, updating the initscripts package will cause the umask value in the '/etc/init.d/functions' file to be overwritten, because the file is marked as a regular file and not a configuration file.
  47. Root Cause
  48.  
  49. It all depends on how the daemon is started, so the daemon's init script needs to be checked.
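
The check described above (does an init script start its program through daemon(), set its own umask, or neither) can be automated across the whole init.d directory. The script below is an added example, not part of the original article; the function names and the audit_umask.sh file name are hypothetical, and the classification is a text-matching heuristic over the script source.

```shell
#!/bin/sh
# Added example (not from the original article): heuristic audit of SysV init
# scripts, classifying where each started daemon gets its umask from.

# Print the last umask value set in the functions file (e.g. 022 or 027).
functions_umask() {
    sed -n 's/^[[:space:]]*umask[[:space:]][[:space:]]*\([0-7][0-7]*\).*/\1/p' "$1" | tail -n 1
}

# Print one of: own-umask | daemon-function | needs-umask
classify_initscript() {
    # Drop comment lines so "# Start daemons." is not mistaken for a call.
    code=$(sed 's/^[[:space:]]*#.*$//' "$1")
    if printf '%s\n' "$code" | grep -Eq '^[[:space:]]*umask[[:space:]]+[0-7]+'; then
        echo own-umask          # script sets the umask itself
    elif printf '%s\n' "$code" |
         grep -Eq '(^|[[:space:];&|])daemon[[:space:]]+[^[:space:]]'; then
        echo daemon-function    # started through daemon() from the functions file
    else
        echo needs-umask        # an explicit "umask 027" line has to be added
    fi
}

# One tab-separated line per init script: name, class, recommended action.
audit_initscripts() {
    dir=$1
    funcs=$2
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        [ "${f##*/}" = functions ] && continue   # the library, not a daemon
        kind=$(classify_initscript "$f")
        case $kind in
            daemon-function) note="inherits umask $(functions_umask "$funcs") from $funcs" ;;
            own-umask)       note="sets its own umask in the script" ;;
            *)               note="add 'umask 027' to the script" ;;
        esac
        printf '%s\t%s\t%s\n' "${f##*/}" "$kind" "$note"
    done
}

# Usage: sh audit_umask.sh /etc/rc.d/init.d [/etc/init.d/functions]
if [ "$#" -ge 1 ]; then
    audit_initscripts "$1" "${2:-/etc/init.d/functions}"
fi
```

The audit only reads init script text, so it cannot see daemons that set a umask inside their own program. After restarting a daemon, confirm the result by checking the mode of a newly created log file.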