UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The /usr/aset/userlist file must be owned by root.


Overview

Finding ID Version Rule ID IA Controls Severity
V-956 GEN000000-SOL00240 SV-956r2_rule ECLP-1 Medium
Description
If the userlist file is not owned by root, then an unauthorized user can modify the file and enter an unauthorized user.
STIG Date
SOLARIS 9 SPARC SECURITY TECHNICAL IMPLEMENTATION GUIDE 2015-10-01

Details

Check Text ( C-28804r1_chk )
If ASET is not used on the system, this is not applicable.

Check the ownership of the /usr/aset/userlist file.
# ls -lL /usr/aset/userlist
If the owner of the file is not root, this is a finding.
Fix Text (F-1110r2_fix)
Use the chmod command to change the owner of the /usr/aset/userlist file.

# chown root /usr/aset/userlist