The Red Hat Enterprise Linux operating system must be configured so that all local interactive user home directories are defined in the /etc/passwd file.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-72015	RHEL-07-020620	SV-86639r2_rule		Medium

Description
If a local interactive user has a home directory defined that does not exist, the user may be given access to the / directory as the current working directory upon logon. This could create a Denial of Service because the user would not be able to access their logon configuration files, and it may give them visibility to system files they normally would not be able to access.

STIG	Date
Red Hat Enterprise Linux 7 Security Technical Implementation Guide	2018-11-28

Details

Check Text ( C-72247r2_chk )
Verify the assigned home directory of all local interactive users on the system exists. Check the home directory assignment for all local interactive non-privileged users on the system with the following command: # cut -d: -f 1,3,6 /etc/passwd \| egrep ":[1-4][0-9]{3}" smithj:1001:/home/smithj Note: This may miss interactive users that have been assigned a privileged UID. Evidence of interactive use may be obtained from a number of log files containing system logon information. Check that all referenced home directories exist with the following command: # pwck -r user 'smithj': directory '/home/smithj' does not exist If any home directories referenced in "/etc/passwd" are returned as not defined, this is a finding.

Check Text ( C-72247r2_chk )

Verify the assigned home directory of all local interactive users on the system exists.

Check the home directory assignment for all local interactive non-privileged users on the system with the following command:

# cut -d: -f 1,3,6 /etc/passwd | egrep ":[1-4][0-9]{3}"

smithj:1001:/home/smithj

Note: This may miss interactive users that have been assigned a privileged UID. Evidence of interactive use may be obtained from a number of log files containing system logon information.

Check that all referenced home directories exist with the following command:

# pwck -r
user 'smithj': directory '/home/smithj' does not exist

If any home directories referenced in "/etc/passwd" are returned as not defined, this is a finding.

Fix Text (F-78367r2_fix)
Create home directories to all local interactive users that currently do not have a home directory assigned. Use the following commands to create the user home directory assigned in "/etc/ passwd": Note: The example will be for the user smithj, who has a home directory of "/home/smithj", a UID of "smithj", and a Group Identifier (GID) of "users" assigned in "/etc/passwd". # mkdir /home/smithj # chown smithj /home/smithj # chgrp users /home/smithj # chmod 0750 /home/smithj

Fix Text (F-78367r2_fix)

Create home directories to all local interactive users that currently do not have a home directory assigned. Use the following commands to create the user home directory assigned in "/etc/ passwd":

Note: The example will be for the user smithj, who has a home directory of "/home/smithj", a UID of "smithj", and a Group Identifier (GID) of "users" assigned in "/etc/passwd".

# mkdir /home/smithj
# chown smithj /home/smithj
# chgrp users /home/smithj
# chmod 0750 /home/smithj