All interactive user home directories defined in the /etc/passwd file must exist.

From SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide

Part of GEN001460

Associated with: CCI-000225

SV-45014r1_rule All interactive user home directories defined in the /etc/passwd file must exist.

Vulnerability discussion

If a user has a home directory defined that does not exist, the user may be given the / directory, by default, as the current working directory upon logon. This could create a Denial of Service because the user would not be able to perform useful tasks in this location.

Check content

Use pwck to verify assigned home directories exist. # pwck If any user's assigned home directory does not exist, this is a finding.

Fix text

If a user has no home directory, determine why. If possible, delete accounts without a home directory. If the account is valid, then create the home directory using the appropriate system administration utility or manually. For example: # /sbin/yast2 users ( > Edit > Details) OR # mkdir # for i in $(ls -A /etc/skel); do cp -rp /etc/skel/$i ; done # chown -R : Document all changes.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer