UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The OS X system must be configured with all public directories owned by root or an application account.


Overview

Finding ID Version Rule ID IA Controls Severity
V-76121 AOSX-12-001110 SV-90809r1_rule Medium
Description
All public directories must be owned by "root", the local admin user, or an application account. Directory owners have permission to delete any files contained in that directory, even if the files are owned by other user accounts. By setting the owner to an administrator or application account, regular users will not be permitted to delete each other's files.
STIG Date
Apple OS X 10.12 Security Technical Implementation Guide 2018-12-24

Details

Check Text ( C-75807r1_chk )
To display all directories that are writable by all and not owned by "root", run the following command:

/usr/bin/sudo find / -type d -perm +o+w -not -uid 0

If anything is returned, and those directories are not owned by root or application account, this is a finding.
Fix Text (F-82759r1_fix)
To change the ownership of any finding, run the following command:

/usr/bin/sudo find / -type d -perm +o+w -not -uid 0 -exec chown root {} \;