All files and directories contained in user home directories must be group-owned by a group of which the home directorys owner is a member.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-22351	GEN001550	SV-63833r1_rule		Medium

Description
If a user's files are group-owned by a group of which the user is not a member, unintended users may be able to access them.

STIG	Date
Oracle Linux 5 Security Technical Implementation Guide	2020-02-25

Details

Check Text ( C-52369r1_chk )
Check the contents of user home directories for files group-owned by a group of which the home directory's owner is not a member. 1. List the user accounts. # cut -d : -f 1 /etc/passwd 2. For each user account, get a list of GIDs for files in the user's home directory. # find ~username -printf %G\\n \| sort \| uniq 3. Obtain the list of GIDs where the user is a member. # id -G username 4. Check the GID lists. If there are GIDs in the file list not present in the user list, this is a finding.

Check Text ( C-52369r1_chk )

Check the contents of user home directories for files group-owned by a group of which the home directory's owner is not a member.
1. List the user accounts.
# cut -d : -f 1 /etc/passwd
2. For each user account, get a list of GIDs for files in the user's home directory.
# find ~username -printf %G\\n | sort | uniq
3. Obtain the list of GIDs where the user is a member.
# id -G username
4. Check the GID lists. If there are GIDs in the file list not present in the user list, this is a finding.

Fix Text (F-54407r3_fix)
Change the group of a file not group-owned by a group of which the home directory's owner is a member. # chgrp Document all changes.