All files and directories contained in user home directories must be group-owned by a group of which the home directory's owner is a member.

From SUSE Linux Enterprise Server v11 for System z

Part of GEN001550

Associated with: CCI-000225

SV-45038r1_rule All files and directories contained in user home directories must be group-owned by a group of which the home directory's owner is a member.

Vulnerability discussion

If a user's files are group-owned by a group of which the user is not a member, unintended users may be able to access them.

Check content

Check the contents of user home directories for files group-owned by a group of which the home directory's owner is not a member.

1. List the user accounts.
# cut -d : -f 1 /etc/passwd

2. For each user account, get a list of GIDs for files in the user's home directory.
# find ~username -printf %G\\n | sort | uniq

3. Obtain the list of GIDs where the user is a member.
# id -G username

4. Check the GID lists. If there are GIDs in the file list not present in the user list, this is a finding.
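The four check steps combined into one script, as an added example that is not part of the STIG text. Function names are hypothetical, GNU find is assumed for -printf (as the check itself assumes), and skipping accounts whose home directory is / is an added assumption.

```shell
#!/bin/sh
# Added example, not STIG text; function names are hypothetical.
# Assumes GNU find (-printf), as the check procedure itself does.

# Print "GID<TAB>path" for each entry under $1 whose group is not in the
# space-separated GID list $2. A file name containing a newline can yield a
# spurious output line; review such lines by hand.
foreign_group_files() {
    find "$1" -printf '%G\t%p\n' |
    awk -F '\t' -v gids="$2" '
        BEGIN { n = split(gids, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        !($1 in ok)'
}

# Steps 2-4 for one account: home directory from /etc/passwd, GIDs from id -G.
audit_user() {
    user=$1
    home_dir=$(awk -F : -v u="$user" '$1 == u { print $6 }' /etc/passwd)
    # Assumption: skip accounts with no home directory or with "/" as home,
    # so a system account does not trigger a scan of the whole filesystem.
    [ -d "$home_dir" ] || return 0
    [ "$home_dir" = "/" ] && return 0
    foreign_group_files "$home_dir" "$(id -G "$user")"
}

# Step 1 plus the per-account check; output is "user<TAB>GID<TAB>path".
audit_all_users() {
    cut -d : -f 1 /etc/passwd | while IFS= read -r user; do
        audit_user "$user" | while IFS= read -r line; do
            printf '%s\t%s\n' "$user" "$line"
        done
    done
}

# Run the full audit only when asked to, e.g. "sh audit.sh --all".
if [ "${1:-}" = "--all" ]; then
    audit_all_users
fi
```

Run it as root with --all so every home directory is readable; any output line is a finding, and no output means the check passed.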

Fix text

Change the group of a file not group-owned by a group of which the home directory's owner is a member.
# chgrp

Document all changes.
