From d509bef0142036dfa5050a4258f9bd88476de9ab Mon Sep 17 00:00:00 2001
From: Abhishek Shukla
Date: Thu, 13 Jul 2023 16:22:03 +0530
Subject: [PATCH 1/3] DLPX-86533 CIS: default umask PR URL: https://www.github.com/delphix/delphix-platform/pull/449
---
 .../roles/delphix-platform/tasks/main.yml | 20 +++++++++++++++++++
 1 file changed, 20 insertions(+)
diff --git a/files/common/var/lib/delphix-platform/ansible/10-delphix-platform/roles/delphix-platform/tasks/main.yml b/files/common/var/lib/delphix-platform/ansible/10-delphix-platform/roles/delphix-platform/tasks/main.yml
index 2c45db29..bfced464 100644
--- a/files/common/var/lib/delphix-platform/ansible/10-delphix-platform/roles/delphix-platform/tasks/main.yml
+++ b/files/common/var/lib/delphix-platform/ansible/10-delphix-platform/roles/delphix-platform/tasks/main.yml
@@ -681,3 +681,23 @@
 when:
 - variant == "internal-buildserver"
 - not ansible_is_chroot
+
+# CIS: Set default umask (DLPX-86533)
+# We need to set default umask as 022 in the /etc/profile and /etc/bash.bashrc files,
+# so that the same can be applied for all the users on the engine.
+- blockinfile:
+ path: /etc/profile.d/set-umask-for-all-users.sh
+ create: yes
+ block: |
+ #!/bin/sh
+ umask 022
+
+- file:
+ path: /etc/profile.d/set-umask-for-all-users.sh
+ mode: '0755'
+
+- blockinfile:
+ path: /etc/bash.bashrc
+ block: |
+ # Set default umask value.
+ umask 022
From ae6b3f332033a935e2c368389eaadba8bd112e4e Mon Sep 17 00:00:00 2001
From: Abhishek Shukla
Date: Wed, 19 Jul 2023 15:27:03 +0530
Subject: [PATCH 2/3] Address review comment from Seb, Use a seperate file for profile.d
---
 .../etc/profile.d/set-umask-for-all-users.sh | 3 +++
 .../roles/delphix-platform/tasks/main.yml | 15 +++------------
 2 files changed, 6 insertions(+), 12 deletions(-)
 create mode 100644 files/common/etc/profile.d/set-umask-for-all-users.sh
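Review bot: In the PATCH 1/3 hunk of tasks/main.yml, the first `blockinfile` task puts `#!/bin/sh` inside the managed block, so the generated /etc/profile.d/set-umask-for-all-users.sh begins with the module's default `# BEGIN ANSIBLE MANAGED BLOCK` marker line and the shebang is never the first line of the file. Files under /etc/profile.d are normally sourced by the login shell rather than executed, so the following `file` task does not need `mode: '0755'`; `mode: '0644'` with `owner: root` and `group: root` stated drops the unneeded execute bit and pins the ownership of a file that every login shell reads. The three tasks also carry no `name:`, the comment refers to /etc/profile while the task writes under /etc/profile.d, and `create: yes` is better written `create: true`.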
diff --git a/files/common/etc/profile.d/set-umask-for-all-users.sh b/files/common/etc/profile.d/set-umask-for-all-users.sh
new file mode 100644
index 00000000..87fcedce
--- /dev/null
+++ b/files/common/etc/profile.d/set-umask-for-all-users.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+umask 022
diff --git a/files/common/var/lib/delphix-platform/ansible/10-delphix-platform/roles/delphix-platform/tasks/main.yml b/files/common/var/lib/delphix-platform/ansible/10-delphix-platform/roles/delphix-platform/tasks/main.yml
index bfced464..81966fb8 100644
--- a/files/common/var/lib/delphix-platform/ansible/10-delphix-platform/roles/delphix-platform/tasks/main.yml
+++ b/files/common/var/lib/delphix-platform/ansible/10-delphix-platform/roles/delphix-platform/tasks/main.yml
@@ -682,20 +682,11 @@
 - variant == "internal-buildserver"
 - not ansible_is_chroot

+#
 # CIS: Set default umask (DLPX-86533)
-# We need to set default umask as 022 in the /etc/profile and /etc/bash.bashrc files,
+# We need to set default umask as 022 in the /etc/bash.bashrc file,
 # so that the same can be applied for all the users on the engine.
-- blockinfile:
- path: /etc/profile.d/set-umask-for-all-users.sh
- create: yes
- block: |
- #!/bin/sh
- umask 022
-
-- file:
- path: /etc/profile.d/set-umask-for-all-users.sh
- mode: '0755'
-
+#
 - blockinfile:
 path: /etc/bash.bashrc
 block: |
From 14f195637965b61472f423325f3fe70ded365d7f Mon Sep 17 00:00:00 2001
From: Abhishek Shukla
Date: Wed, 19 Jul 2023 15:27:03 +0530
Subject: [PATCH 3/3] Address review comment from Seb, use 027 as the umask value.
---
 files/common/etc/profile.d/set-umask-for-all-users.sh | 2 +-
 .../10-delphix-platform/roles/delphix-platform/tasks/main.yml | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/files/common/etc/profile.d/set-umask-for-all-users.sh b/files/common/etc/profile.d/set-umask-for-all-users.sh
index 87fcedce..4b6031ac 100644
--- a/files/common/etc/profile.d/set-umask-for-all-users.sh
+++ b/files/common/etc/profile.d/set-umask-for-all-users.sh
@@ -1,3 +1,3 @@
 #!/bin/sh

-umask 022
+umask 027
diff --git a/files/common/var/lib/delphix-platform/ansible/10-delphix-platform/roles/delphix-platform/tasks/main.yml b/files/common/var/lib/delphix-platform/ansible/10-delphix-platform/roles/delphix-platform/tasks/main.yml
index 81966fb8..581665d2 100644
--- a/files/common/var/lib/delphix-platform/ansible/10-delphix-platform/roles/delphix-platform/tasks/main.yml
+++ b/files/common/var/lib/delphix-platform/ansible/10-delphix-platform/roles/delphix-platform/tasks/main.yml
@@ -684,11 +684,11 @@

 #
 # CIS: Set default umask (DLPX-86533)
-# We need to set default umask as 022 in the /etc/bash.bashrc file,
+# We need to set default umask as 027 in the /etc/bash.bashrc file,
 # so that the same can be applied for all the users on the engine.
 #
 - blockinfile:
 path: /etc/bash.bashrc
 block: |
 # Set default umask value.
- umask 022
+ umask 027
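Review bot: The `umask 027` written by the `blockinfile` task at the end of the PATCH 3/3 main.yml hunk, together with the /etc/profile.d file changed in the first hunk of this commit, only reaches shells that source those two files, so the comment's "all the users on the engine" is wider than what the change enforces. `blockinfile` appends at end of file by default, and a stock Debian/Ubuntu /etc/bash.bashrc returns early for non-interactive shells (not visible here, worth confirming on the engine image), in which case the appended line is never reached for them; a later `umask` in a user's own dotfiles also overrides it. If the CIS item is meant to hold for every session, the same value should be set in /etc/login.defs, which pam_umask reads when it is enabled in the PAM session stack. Whether the platform already does that elsewhere cannot be seen from this hunk, and the task list starts before it. The remaining task would also benefit from a `name:`.

```yaml
# … unchanged: blockinfile task for /etc/bash.bashrc …

- name: 'CIS: set default UMASK in /etc/login.defs (DLPX-86533)'
  lineinfile:
    path: /etc/login.defs
    regexp: '^UMASK\s'
    line: UMASK 027
```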