UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

All files and directories contained in user home directories must be group-owned by a group of which the home directory's owner is a member.


Overview

Finding ID Version Rule ID IA Controls Severity
V-22351 GEN001550 SV-35145r1_rule ECLP-1 Medium
Description
If a user's files are group-owned by a group of which the user is not a member, unintended users may be able to access them.
STIG Date
HP-UX 11.31 Security Technical Implementation Guide 2018-03-01

Details

Check Text ( C-36548r3_chk )
Check the contents of user home directories for files group-owned by a group of which the home directory's owner is not a member:

List the user accounts.
# cat /etc/passwd | cut -f 1,1 -d ":"

For each user account, get a list of GIDs for files in the user's home directory.
# find ~ | xargs ls -ldn | tr '\011' ' ' | tr -s ' ' | awk '{print $4, $NF}'

Obtain the list of GIDs associated with the user's account.
# id
OR
# id -G
OR
# cat /etc/group | grep

Check the GID lists. If there are GIDs in the file list not present in the user list, this is a finding.
Fix Text (F-31914r1_fix)
Change the group of a file not group-owned by a group of which the home directory's owner is a member.
# chgrp ['s primary group] [file with bad group ownership]