UCF STIG Viewer Logo

All skeleton files (typically in /etc/skel) must be group-owned by root, bin or sys.


Overview

Finding ID Version Rule ID IA Controls Severity
V-22358 GEN001830 SV-45139r2_rule Medium
Description
If the skeleton files are not protected, unauthorized personnel could change user startup parameters and possibly jeopardize user files.
STIG Date
SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide 2018-09-19

Details

Check Text ( C-42482r2_chk )
Verify the skeleton files are group-owned by root, bin or sys.

Procedure:
# ls -alL /etc/skel
If a skeleton file is not group-owned by root, bin or sys this is a finding.
Fix Text (F-38535r3_fix)
Change the group-owner of the skeleton file to root, bin or sys.

Procedure:
# chgrp /etc/skel/
or:
# cd /etc/skel
# ls -L /etc/skel|xargs stat -L -c %G:%n|egrep -v "^(root|bin|sys):"|cut -d: -f2|xargs chgrp root
will change the group of all files not already in one of the approved groups to root.