All files and directories must have a valid group owner.

From Red Hat Enterprise Linux 7 Security Technical Implementation Guide

Part of SRG-OS-000480-GPOS-00227

Associated with: CCI-002165

SV-86633r2_rule All files and directories must have a valid group owner.

Vulnerability discussion

Files without a valid group owner may be unintentionally inherited if a group is assigned the same Group Identifier (GID) as the GID of the files without a valid group owner.

Check content

Verify all files and directories on the system have a valid group. Check the owner of all files and directories with the following command: Note: The value after -fstype must be replaced with the filesystem type. XFS is used as an example. # find / -fstype xfs -nogroup If any files on the system do not have an assigned group, this is a finding.

Fix text

Either remove all files and directories from the system that do not have a valid group, or assign a valid group to all files and directories on the system with the "chgrp" command: # chgrp

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer