Rule ID
SV-254197r991592_rule
Version
V1R2
CCIs
Excessive permissions on local interactive user home directories may allow unauthorized access to user files by other users.
Confirm that Nutanix AOS has assigned the home directory of every local interactive user a mode of "0750" or less permissive.
Step 1. Determine interactive users
$ sudo cat $(awk -F: '($3>=1000)&&($7 !~ /nologin/){print $6}' /etc/passwd)
cat: /home/nutanix: Is a directory
cat: /home/admin: Is a directory
Step 2. Determine permissions on interactive users' home directories.
$ sudo stat -c "%a %n" /home/admin
750 /home/admin
$ sudo stat -c "%a %n" /home/nutanix
750 /home/nutanix
If home directories referenced in "/etc/passwd" do not have a mode of "0750" or less permissive, this is a finding.
Configure any interactive user's home directory to have a mode of "0750" or less permissive by running the command:
$ sudo chmod 0750 [path to interactive users home directory]
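Steps 1 and 2 combined into one pass over every interactive user, as an added example that is not part of the STIG text. The function names (mode_ok, interactive_homes, audit_homes, demo) are hypothetical, and the sample accounts and directories are constructed in a temporary directory so the script runs without touching real homes.

```shell
#!/bin/sh
# Added example (not from the STIG): audit home directory modes.

# mode_ok MODE: true when octal MODE sets no bit outside 0750,
# i.e. no group write and no access for others (mask 0027).
mode_ok() { [ $(( 0$1 & 0027 )) -eq 0 ]; }

# interactive_homes PASSWD: the Step 1 selection (UID >= 1000, shell is
# not nologin), printing the home directory field.
interactive_homes() {
    awk -F: '($3>=1000)&&($7 !~ /nologin/){print $6}' "$1"
}

# audit_homes PASSWD: one result line per home; returns 1 on any finding.
audit_homes() {
    rc=0
    while IFS= read -r home; do
        [ -n "$home" ] || continue
        if [ ! -d "$home" ]; then echo "MISSING $home"; continue; fi
        mode=$(stat -c '%a' "$home")
        if mode_ok "$mode"; then
            echo "OK $mode $home"
        else
            echo "FINDING $mode $home"; rc=1
        fi
    done <<EOF
$(interactive_homes "$1")
EOF
    return "$rc"
}

# Constructed sample: two throwaway homes and a passwd-format file.
demo() {
    d=$(mktemp -d)
    mkdir "$d/alice" "$d/bob"
    chmod 0750 "$d/alice"; chmod 0755 "$d/bob"
    printf '%s\n' \
        "alice:x:1000:1000::$d/alice:/bin/bash" \
        "bob:x:1001:1001::$d/bob:/bin/bash" \
        "svc:x:998:998::/var/empty:/sbin/nologin" > "$d/passwd"
    audit_homes "$d/passwd" || echo "at least one home is a finding"
    rm -rf "$d"
}
demo
```

To audit a live system, call audit_homes /etc/passwd with sufficient privileges instead of demo; a non-zero return means at least one home directory is more permissive than 0750.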