All files and directories contained in user's home directories must have mode 0750 or less permissive.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-915	GEN001560	SV-915r2_rule	ECLP-1	Low

Description
Excessive permissions allow unauthorized access to user's files.

STIG	Date
UNIX SRG	2013-03-26

Details

Check Text ( C-431r3_chk )
For each user in the /etc/passwd file, check for files and directories with a mode more permissive than 0750. Procedure: # find / ! -fstype nfs ! \( -name .login -o -name .cshrc -o -name .logout -o -name .profile -o -name .bash_profile -o -name .bashrc -o -name .env -o -name .dtprofile -o -name .dispatch -o -name .emacs -o -name .exrc \) \( -perm -0001 -o -perm -0002 -o -perm -0004 -o -perm -0020 -o -perm -2000 -o -perm -4000 \) -exec ls -ld {} \; If user's home directories contain files or directories more permissive than 0750, this is a finding.

Check Text ( C-431r3_chk )

For each user in the /etc/passwd file, check for files and directories with a mode more permissive than 0750.

Procedure:
# find / ! -fstype nfs ! \( -name .login -o -name .cshrc -o -name .logout -o -name .profile -o -name .bash_profile -o -name .bashrc -o -name .env -o -name .dtprofile -o -name .dispatch -o -name .emacs -o -name .exrc \) \( -perm -0001 -o -perm -0002 -o -perm -0004 -o -perm -0020 -o -perm -2000 -o -perm -4000 \) -exec ls -ld {} \;

If user's home directories contain files or directories more permissive than 0750, this is a finding.

Fix Text (F-1069r2_fix)
Change the mode of files and directories within user's home directories to 0750. Procedure: # chmod 0750 filename Document all changes.