All TOSS local interactive user home directories must be owned by the user's primary group.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-252971	TOSS-04-020320	SV-252971r824237_rule		Medium

Description
Users' home directories/folders may contain information of a sensitive nature. Non-privileged users should coordinate any sharing of information with an SA through shared resources.

STIG	Date
Tri-Lab Operating System Stack (TOSS) 4 Security Technical Implementation Guide	2022-08-29

Details

Check Text ( C-56424r824235_chk )
Check that all user home directories are owned by the user's primary group with the following command: $ awk -F: '($3>=1000)&&($7 !~ /nologin/)&&("stat -c '%g' " $6 \| getline dir_group)&&(dir_group!=$4){print $1,$6}' /etc/passwd admin /home/admin Check each user's primary group with the following command (example command is for the "admin" user): $ sudo grep "^admin" /etc/group admin:x:250:smithj,jonesj,jacksons If the user home directory referenced in "/etc/passwd" is not group-owned by that user's primary GID, this is a finding.

Check Text ( C-56424r824235_chk )

Check that all user home directories are owned by the user's primary group with the following command:

$ awk -F: '($3>=1000)&&($7 !~ /nologin/)&&("stat -c '%g' " $6 | getline dir_group)&&(dir_group!=$4){print $1,$6}' /etc/passwd
admin /home/admin

Check each user's primary group with the following command (example command is for the "admin" user):

$ sudo grep "^admin" /etc/group
admin:x:250:smithj,jonesj,jacksons

If the user home directory referenced in "/etc/passwd" is not group-owned by that user's primary GID, this is a finding.

Fix Text (F-56374r824236_fix)
Change the group owner of interactive user's home directories to that users primary group. To change the group owner of a local interactive user's home directory, use the following command: Note: The example will be for the user "smithj." $ sudo chgrp smithj /home/smithj