UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Nutanix AOS must be configured so that all local interactive user home directories have mode "0750" or less permissive.


Overview

Finding ID Version Rule ID IA Controls Severity
V-254197 NUTX-OS-001100 SV-254197r846679_rule Medium
Description
Excessive permissions on local interactive user home directories may allow unauthorized access to user files by other users.
STIG Date
Nutanix AOS 5.20.x OS Security Technical Implementation Guide 2022-08-24

Details

Check Text ( C-57682r846677_chk )
Confirm Nutanix AOS has assigned home directory of all local interactive users has a mode of "0750" or less permissive.

Step 1. Determine interactive users
$ sudo cat $(awk -F: '($3>=1000)&&($7 !~ /nologin/){print $6}' /etc/passwd)
cat: /home/nutanix: Is a directory
cat: /home/admin: Is a directory

Step 2. Determine permissions on interactive users home directories.
$ sudo stat -c "%a %n" /home/admin
750 /home/admin

$ sudo stat -c "%a %n" /home/nutanix
750 /home/nutanix

If home directories referenced in "/etc/passwd" do not have a mode of "0750" or less permissive, this is a finding.
Fix Text (F-57633r846678_fix)
Configure any interactive users home directory to have a mode of "0750" or less by running the command:

$ sudo chmod 0750 [path to interactive users home directory]