UCF STIG Viewer Logo

All files and directories contained in user home directories must have mode 0750 or less permissive.


Overview

Finding ID Version Rule ID IA Controls Severity
V-915 GEN001560 SV-63837r1_rule Low
Description
Excessive permissions allow unauthorized access to user files.
STIG Date
Oracle Linux 5 Security Technical Implementation Guide 2020-02-25

Details

Check Text ( C-52373r2_chk )
For each user in the /etc/passwd file, check for files and directories with a mode more permissive than 0750.

Procedure:
# find / ! -fstype nfs ! \( -name .bashrc -o -name .bash_login -o -name .bash_logout -o -name .bash_profile -o -name .cshrc -o -name .kshrc -o -name .login -o -name .logout -o -name .profile -o -name .tcshrc -o -name .env -o -name .dtprofile -o -name .dispatch -o -name .emacs -o -name .exrc \) \( -perm -0001 -o -perm -0002 -o -perm -0004 -o -perm -0020 -o -perm -2000 -o -perm -4000 \) -exec ls -ld {} \;

If user home directories contain files or directories more permissive than 0750, this is a finding.
Fix Text (F-54411r1_fix)
Change the mode of files and directories within user home directories to 0750.

Procedure:
# chmod 0750 filename

Document all changes.