All files and directories contained in user home directories must be group-owned by a group of which the home directory's owner is a member.

From HP-UX 11.31 Security Technical Implementation Guide

Part of GEN001550

Associated with IA controls: ECLP-1

Associated with: CCI-000225

SV-35145r1_rule All files and directories contained in user home directories must be group-owned by a group of which the home directory's owner is a member.

Vulnerability discussion

If a user's files are group-owned by a group of which the user is not a member, unintended users may be able to access them.

Check content

Check the contents of user home directories for files group-owned by a group of which the home directory's owner is not a member.

List the user accounts.
# cat /etc/passwd | cut -f 1,1 -d ":"

For each user account, get a list of GIDs for files in the user's home directory.
# find ~ | xargs ls -ldn | tr '\011' ' ' | tr -s ' ' | awk '{print $4, $NF}'

Obtain the list of GIDs associated with the user's account.
# id
OR
# id -G
OR
# cat /etc/group | grep

Check the GID lists. If there are GIDs in the file list not present in the user list, this is a finding.
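The check above can be scripted so the GID comparison is done per account instead of by eye. The following is an added example, not part of the STIG text: the function names and the --all switch are this example's own, and it uses find's -group test in place of the ls/awk pipeline so that file names containing spaces are reported intact.

```shell
#!/bin/sh
# Added example, not STIG text. Function names are this example's own.

# find_foreign_group_files DIR GID...
# Print each path under DIR whose group is none of the given numeric GIDs.
find_foreign_group_files() {
    _dir=$1
    shift
    [ -d "$_dir" ] && [ "$#" -gt 0 ] || return 2
    # Rewrite the GID arguments into: ! -group G1 ! -group G2 ...
    _n=$#
    while [ "$_n" -gt 0 ]; do
        set -- "$@" ! -group "$1"
        shift
        _n=$((_n - 1))
    done
    # find tests group ownership directly, so names with spaces are safe
    # (taking awk's $NF from ls output would truncate them).
    find "$_dir" "$@" -print
}

# audit_all_homes: run the check for every account in /etc/passwd.
audit_all_homes() {
    # passwd fields: name:passwd:uid:gid:gecos:home:shell
    while IFS=: read -r _user _pw _uid _gid _gecos _home _shell; do
        # Assumption of this example: skip missing homes and "/" so that
        # system accounts do not trigger a walk of the whole filesystem.
        [ -d "$_home" ] && [ "$_home" != "/" ] || continue
        _gids=$(id -G "$_user" 2>/dev/null) || continue
        # $_gids is deliberately unquoted: one argument per GID.
        find_foreign_group_files "$_home" $_gids |
            while IFS= read -r _f; do printf '%s: %s\n' "$_user" "$_f"; done
    done < /etc/passwd
}

# Only scan when asked, e.g.  sh audit_home_groups.sh --all
case "${1:-}" in --all) audit_all_homes ;; esac
```

Every line printed is a finding under this rule. find treats a numeric -group argument as a GID unless a group with that literal name exists.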

Fix text

Change the group of a file not group-owned by a group of which the home directory's owner is a member.
# chgrp ['s primary group] [file with bad group ownership]
