All files and directories contained in user home directories must be group-owned by a group of which the home directory's owner is a member.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-22351	GEN001550	SV-35145r1_rule	ECLP-1	Medium

Description
If a user's files are group-owned by a group of which the user is not a member, unintended users may be able to access them.

STIG	Date
HP-UX 11.31 Security Technical Implementation Guide	2017-12-08

Details

Check Text ( C-36548r3_chk )
Check the contents of user home directories for files group-owned by a group of which the home directory's owner is not a member: List the user accounts. # cat /etc/passwd \| cut -f 1,1 -d ":" For each user account, get a list of GIDs for files in the user's home directory. # find ~ \| xargs ls -ldn \| tr '\011' ' ' \| tr -s ' ' \| awk '{print $4, $NF}' Obtain the list of GIDs associated with the user's account. # id OR # id -G OR # cat /etc/group \| grep Check the GID lists. If there are GIDs in the file list not present in the user list, this is a finding.

Check Text ( C-36548r3_chk )

Check the contents of user home directories for files group-owned by a group of which the home directory's owner is not a member:

List the user accounts.
# cat /etc/passwd | cut -f 1,1 -d ":"

For each user account, get a list of GIDs for files in the user's home directory.
# find ~ | xargs ls -ldn | tr '\011' ' ' | tr -s ' ' | awk '{print $4, $NF}'

Obtain the list of GIDs associated with the user's account.
# id
OR
# id -G
OR
# cat /etc/group | grep

Check the GID lists. If there are GIDs in the file list not present in the user list, this is a finding.

Fix Text (F-31914r1_fix)
Change the group of a file not group-owned by a group of which the home directory's owner is a member. # chgrp ['s primary group] [file with bad group ownership]