
All files and directories contained in user home directories must be group-owned by a group of which the home directory's owner is a member.


Overview

Finding ID: V-226533
Version: GEN001550
Rule ID: SV-226533r603265_rule
IA Controls:
Severity: Medium
Description
If a user's files are group-owned by a group of which the user is not a member, unintended users may be able to access them.
STIG: Solaris 10 SPARC Security Technical Implementation Guide
Date: 2020-12-04

Details

Check Text ( C-28694r482993_chk )
Check the contents of user home directories for files group-owned by a group of which the home directory's owner is not a member.

1. List the user accounts.
# cut -d : -f 1 /etc/passwd
2. For each user account, get a list of GIDs for files in the user's home directory.
# find < user's home directory > -exec ls -lLd {} \;
3. Obtain the list of GIDs associated with the user's account.
# id < user name >
4. Check the GID lists. If there are GIDs in the file list not present in the user list, this is a finding.
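
Steps 1 through 4 can be scripted as below. This is an added example, not part of the STIG text: the function names and the `ID_CMD` variable are hypothetical, it compares numeric GIDs (`ls -n`) rather than group names, and it assumes a POSIX shell and an `id` that accepts `-G` (on Solaris 10, `/usr/xpg4/bin/id`).

```shell
#!/bin/sh
# Added example, not STIG text. Function names are hypothetical.
# Assumes a POSIX shell and an id(1) that accepts -G
# (on Solaris 10 that is /usr/xpg4/bin/id, not /usr/bin/id).
ID_CMD=${ID_CMD:-id}

# Step 2: unique numeric GIDs of everything under a home directory.
# ls -n prints the numeric GID in field 4; -L follows symlinks as the STIG does.
home_file_gids() {
    find "$1" -exec ls -nLd {} \; 2>/dev/null | awk '{print $4}' | sort -un
}

# Step 4: print each GID from list $1 that is missing from list $2.
unexpected_gids() {
    members=" $(echo $2) "             # normalise whitespace for matching
    for fgid in $1; do
        case "$members" in
            *" $fgid "*) ;;            # owner belongs to this group
            *) echo "$fgid" ;;
        esac
    done | sort -un
}

# Steps 1-4 over a passwd-format file; prints one line per finding and
# returns 1 if any were found.
check_passwd() {
    rc=0
    while IFS=: read -r user pw uid gid gecos home shell; do
        [ -d "$home" ] || continue
        ugids=$($ID_CMD -G "$user" 2>/dev/null) || continue   # step 3
        for g in $(unexpected_gids "$(home_file_gids "$home")" "$ugids"); do
            echo "FINDING user=$user home=$home gid=$g"
            rc=1
        done
    done < "$1"
    return $rc
}

# Run as: sh script.sh --run [passwd-file]
if [ "${1:-}" = "--run" ]; then
    check_passwd "${2:-/etc/passwd}"
fi
```

Accounts whose home directory is `/` cause a walk of the whole filesystem, so filter the passwd file to interactive accounts before passing it to `check_passwd`.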
Fix Text (F-28682r482994_fix)
Change the group of any file that is not group-owned by a group of which the home directory's owner is a member.
# chgrp < user's primary group > < file name >