STIGhub
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

V-215278

CAT II (Medium)

All files and directories contained in users' home directories on AIX must be group-owned by a group in which the home directory owner is a member.

Rule ID

SV-215278r991592_rule

STIG

IBM AIX 7.x Security Technical Implementation Guide

Version

V3R2

CCIs

CCI-000366

Discussion

If the Group Identifier (GID) of the home directory is not the same as the GID of the user, this would allow unauthorized access to files.

Check Content

Check the contents of user home directories for files group-owned by a group of which the home directory's owner is not a member. 

List the user accounts: 

# cut -d : -f 1 /etc/passwd 
root
daemon
bin
sys
adm
uucp
nobody
invscout
snapp
ipsec
srvproxy
esaadmin
sshd
doejohn
dirtjoe

For each user account, get a list of group names for files in the user's home directory: 

# find < users home directory > -exec ls -lLd {} \;

Obtain the list of group names associated with the user's account:

# lsuser -a groups < user name > 
doejohn groups=staff

Check the group name lists:

# cat /etc/group
system:!:0:root,srvproxy,esaadmin
staff:!:1:ipsec,srvproxy,esaadmin,sshd,doejohn
bin:!:2:root,bin
sys:!:3:root,bin,sys
adm:!:4:bin,adm
mail:!:6:
security:!:7:root
cron:!:8:root
audit:!:10:root
ecs:!:28:
nobody:!:4294967294:nobody,lpd
usr:!:100:dirtjoe
perf:!:20:
shutdown:!:21:
invscout:!:12:invscout
snapp:!:13:snapp
ipsec:!:200:
sshd:!:201:sshd

If there are group names in the file list not present in the user list, this is a finding.

Fix Text

Change the group of a file not group-owned by a group where the home directory's owner is a member using the command:
# chgrp [user's primary group] [file with bad group ownership]
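The Check Content and Fix Text above, worked through as an added example that is not STIGhub's or DISA's own code. It reuses the /etc/group listing from the check, but the /etc/passwd lines and the `ls -lLd` listing are constructed for the demonstration, and the helper names (`primary_group`, `user_groups`, `audit_listing`, `fix_command`, `live_user_groups`, `live_scan`) are this example's own. The offline functions compute each user's permitted groups the way `lsuser -a groups` reports them (primary group plus every group whose member list names the user), flag listing entries whose group falls outside that set, and print the `chgrp` the Fix Text prescribes; the two `live_*` helpers are the AIX-only form of the same check, using `lsuser` and `find ... ! -group`, and are not exercised offline.

```shell
#!/bin/sh
# Added example (not STIGhub's or DISA's code). Offline: parses constructed
# /etc/passwd lines plus the /etc/group listing from the check and audits a
# constructed "ls -lLd" listing. Live: AIX-only helpers at the bottom.

# Constructed sample: only the usernames appear in the check; the uid, gid,
# home and shell fields are made up for this demonstration.
SAMPLE_PASSWD='root:!:0:0::/:/usr/bin/ksh
doejohn:!:205:1::/home/doejohn:/usr/bin/ksh
dirtjoe:!:206:100::/home/dirtjoe:/usr/bin/ksh'

# /etc/group content as shown in the check.
SAMPLE_GROUP='system:!:0:root,srvproxy,esaadmin
staff:!:1:ipsec,srvproxy,esaadmin,sshd,doejohn
bin:!:2:root,bin
sys:!:3:root,bin,sys
adm:!:4:bin,adm
mail:!:6:
security:!:7:root
cron:!:8:root
audit:!:10:root
ecs:!:28:
nobody:!:4294967294:nobody,lpd
usr:!:100:dirtjoe
perf:!:20:
shutdown:!:21:
invscout:!:12:invscout
snapp:!:13:snapp
ipsec:!:200:
sshd:!:201:sshd'

# Constructed output of "find /home/doejohn -exec ls -lLd {} \;" (no spaces in paths).
SAMPLE_LISTING='drwxr-xr-x    2 doejohn  staff         256 Mar 01 10:00 /home/doejohn
-rw-r--r--    1 doejohn  staff        1024 Mar 01 10:00 /home/doejohn/.profile
-rw-r-----    1 doejohn  usr          4096 Mar 02 09:30 /home/doejohn/notes.txt
-rw-r--r--    1 doejohn  system        512 Mar 02 09:31 /home/doejohn/bin/tool'

# primary_group USER PASSWD_TEXT GROUP_TEXT -> name of the group behind the passwd GID
primary_group() {
    gid=$(printf '%s\n' "$2" | awk -F: -v u="$1" '$1 == u { print $4 }')
    printf '%s\n' "$3" | awk -F: -v g="$gid" '$3 == g { print $1; exit }'
}

# user_groups USER PASSWD_TEXT GROUP_TEXT -> primary group followed by every group
# whose member list names the user (what "lsuser -a groups" reports on AIX)
user_groups() {
    prim=$(primary_group "$1" "$2" "$3")
    printf '%s\n' "$3" | awk -F: -v u="$1" -v p="$prim" '
        BEGIN { out = p }
        $1 != p {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] == u) { out = (out == "" ? "" : out " ") $1; break }
        }
        END { print out }'
}

# audit_listing "ALLOWED GROUPS" LISTING_TEXT -> one "FINDING <group> <path>" line per
# ls -l entry whose group (column 4) is not in the allowed set; "total" lines are skipped
audit_listing() {
    printf '%s\n' "$2" | awk -v allowed=" $1 " '
        NF >= 9 && index(allowed, " " $4 " ") == 0 { print "FINDING " $4 " " $NF }'
}

# fix_command USER PASSWD_TEXT GROUP_TEXT PATH -> the chgrp the Fix Text prescribes
fix_command() {
    printf 'chgrp %s %s\n' "$(primary_group "$1" "$2" "$3")" "$4"
}

# --- AIX-only live helpers (not run offline) ---
# lsuser prints "doejohn groups=staff"; each "! -group" clause makes find skip
# files owned by a permitted group, so every line live_scan prints is a finding.
live_user_groups() { lsuser -a groups "$1" | sed 's/^.*groups=//' | tr ',' ' '; }
live_scan() {
    user=$1; home=$2
    set -- "$home"
    for g in $(live_user_groups "$user"); do set -- "$@" '!' -group "$g"; done
    find "$@" -exec ls -lLd {} \;
}
```

On an AIX host, `live_scan doejohn /home/doejohn` prints only the offending entries, so an empty result means no finding for that user; the offline `audit_listing` post-filters a saved `ls -lLd` listing instead, which is useful when reviewing evidence collected from a system you cannot log in to. Both forms treat the primary group and the supplementary groups the same way the check does, and `fix_command` resolves the primary group from the passwd GID so the suggested `chgrp` matches the Fix Text's "[user's primary group]".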