Merge pull request #14609 from ggbecker/change-file-permissions-text

Mab879 · web-flow · commit d17e5b5d2ce4 · 2026-03-31T11:20:27.000-05:00
Ensure dot files permissions are 0740 or less (remove only offending bits)
diff --git a/linux_os/guide/system/accounts/accounts-session/file_permission_user_init_files/rule.yml b/linux_os/guide/system/accounts/accounts-session/file_permission_user_init_files/rule.yml
@@ -4,9 +4,9 @@ documentation_complete: true
 title: 'Ensure All User Initialization Files Have Mode 0740 Or Less Permissive'
 
 description: |-
-    Set the mode of the user initialization files to <tt>0740</tt> with the
+    Set the mode of the user initialization files to <tt>0740</tt> or less permissisive with the
     following command:
-    <pre>$ sudo chmod 0740 /home/<i>USER</i>/.<i>INIT_FILE</i></pre>
+    <pre>$ sudo chmod u-s,g-wxs,o= /home/<i>USER</i>/.<i>INIT_FILE</i></pre>
 
 rationale: |-
     Local initialization files are used to configure the user's shell environment
@@ -41,10 +41,10 @@ ocil: |-
     There should be no output.
 
 fixtext: |-
-    Set the mode of the local initialization files to "0740" with the following command:
+    Set the mode of the local initialization files to "0740" or less permissive with the following command:
 
     Note: The example will be for the smithj user, who has a home directory of "/home/smithj".
 
-    $ sudo chmod 0740 /home/smithj/.
+    $ sudo chmod u-s,g-wxs,o= /home/smithj/.<i>INIT_FILE</i>
 
 srg_requirement: 'All {{{ full_name }}} local initialization files must have mode 0740 or less permissive.'
diff --git a/linux_os/guide/system/accounts/accounts-session/file_permission_user_init_files_root/rule.yml b/linux_os/guide/system/accounts/accounts-session/file_permission_user_init_files_root/rule.yml
@@ -4,10 +4,10 @@ title: 'Ensure All User Initialization Files Have Mode 0740 Or Less Permissive'
 
 description: |-
     Set the mode of the user initialization files, including the <tt>root</tt> user,
-    to <tt>0740</tt> with the following commands:
+    to <tt>0740</tt> or less permissisive with the following commands:
     <pre>
-    $ sudo chmod 0740 /root/.<i>INIT_FILE</i>
-    $ sudo chmod 0740 /home/<i>USER</i>/.<i>INIT_FILE</i>
+    $ sudo chmod u-s,g-wxs,o= /root/.<i>INIT_FILE</i>
+    $ sudo chmod u-s,g-wxs,o= /home/<i>USER</i>/.<i>INIT_FILE</i>
     </pre>
 
 rationale: |-
@@ -34,10 +34,10 @@ ocil: |-
     There should be no output.
 
 fixtext: |-
-    Set the mode of the local initialization files to "0740" with the following command:
+    Set the mode of the local initialization files to "0740" or less permissive with the following command:
 
     Note: The example will be for the smithj user, who has a home directory of "/home/smithj".
 
-    $ sudo chmod 0740 /home/smithj/.
+    $ sudo chmod u-s,g-wxs,o= /home/smithj/.<i>INIT_FILE</i>
 
 srg_requirement: 'All {{{ full_name }}} local initialization files must have mode 0740 or less permissive.'
