---
id: V-71849
status: opt-in
tag: file_perms
---

.. note::

    Ubuntu's ``debsums`` command does not support verification of permissions
    and ownership for files that were installed by packages. This STIG
    requirement will be skipped on Ubuntu.

The STIG requires that all files owned by an installed package must have their
permissions, user ownership, and group ownership set back to the vendor
defaults.

Although this is a good practice, it can cause issues if permissions or
ownership were intentionally set after the packages were installed. It also
causes significant delays in deployments. Therefore, this STIG is not applied
by default.

Deployers may opt in for the change by setting the following Ansible variable:

.. code-block:: yaml

   security_reset_perm_ownership: yes