← Back to SLES 12 Security Technical Implementation Guide

V-217173

CAT II (Medium)

All SUSE operating system local interactive user home directories must have mode 0750 or less permissive.

Rule ID

SV-217173r991589_rule

STIG

SLES 12 Security Technical Implementation Guide

Version

V3R2

CCIs

SV-91903

Discussion

Excessive permissions on local interactive user home directories may allow unauthorized access to user files by other users.

Check Content

Verify the assigned home directory of all SUSE operating system local interactive users has a mode of "0750" or less permissive.

Check the home directory assignment for all non-privileged users on the system with the following command:

Note: This may miss interactive users that have been assigned a privileged User Identifier (UID). Evidence of interactive use may be obtained from a number of log files containing system logon information.

# ls -ld $(awk -F: '($3>=1000)&&($7 !~ /nologin/){print $6}' /etc/passwd)
-rwxr-x--- 1 smithj users  18 Mar  5 17:06 /home/smithj

If home directories referenced in "/etc/passwd" do not have a mode of "0750" or less permissive, this is a finding.

Fix Text

Change the mode of SUSE operating system local interactive user's home directories to "0750". To change the mode of a local interactive user's home directory, use the following command:

Note: The example will be for the user "smithj".

# chmod 0750 /home/smithj