UCF STIG Viewer Logo

The Red Hat Enterprise Linux operating system must be configured so that all local interactive user home directories are group-owned by the home directory owners primary group.


Overview

Finding ID Version Rule ID IA Controls Severity
V-204470 RHEL-07-020650 SV-204470r880764_rule Medium
Description
If the Group Identifier (GID) of a local interactive user's home directory is not the same as the primary GID of the user, this would allow unauthorized access to the user's files, and users that share the same group may not be able to access files that they legitimately should.
STIG Date
Red Hat Enterprise Linux 7 Security Technical Implementation Guide 2022-12-06

Details

Check Text ( C-4594r880762_chk )
Verify the assigned home directory of all local interactive users is group-owned by that user's primary GID.

Check the home directory assignment for all local interactive users on the system with the following command:

# ls -ld $(awk -F: '($3>=1000)&&($7 !~ /nologin/){print $6}' /etc/passwd)
-rwxr-x--- 1 smithj users 13 Apr 1 04:20 /home/smithj

Check the user's primary group with the following command:

# grep $(grep smithj /etc/passwd | awk -F: '{print $4}') /etc/group
users:x:250:smithj,marinc,chongt

If the user home directory referenced in "/etc/passwd" is not group-owned by that user's primary GID, this is a finding.
Fix Text (F-4594r880763_fix)
Change the group owner of a local interactive user's home directory to the group found in "/etc/passwd". To change the group owner of a local interactive user's home directory, use the following command:

Note: The example will be for the user "smithj", who has a home directory of "/home/smithj", and has a primary group of users.

# chgrp users /home/smithj