UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The system must restrict the ability to switch to the root user to members of a defined group.


Overview

Finding ID Version Rule ID IA Controls Severity
V-22308 GEN000850 SV-39876r1_rule ECLP-1 Low
Description
Configuring a supplemental group for users permitted to switch to the root user prevents unauthorized users from accessing the root account, even with knowledge of the root credentials.
STIG Date
Solaris 9 X86 Security Technical Implementation Guide 2014-01-08

Details

Check Text ( C-39530r1_chk )
Verify the root user is configured as a role, rather than a normal user.
# egrep '^root:' /etc/user_attr
If the returned line does not include "type=role", this is a finding.

Verify at least one local user has been assigned the root role.
# egrep '[:;]roles=[^;]*,?root([,;]|$)' /etc/user_attr
If no lines are returned, no users are permitted to assume the root role, this is a finding.
Fix Text (F-34021r1_fix)
Convert the root user into a role.
# usermod -K type=role root

Add the root role to authorized users' logins.
# usermod -R root