STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 5 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Solaris 11 SPARC Security Technical Implementation Guide

V-219973

CAT II (Medium)

The system must restrict the ability of users to assume excessive privileges to members of a defined group and prevent unauthorized users from accessing administrative tools.

Rule ID

SV-219973r958726_rule

STIG

Solaris 11 SPARC Security Technical Implementation Guide

Version

V3R5

CCIs

CCI-001170

Discussion

Allowing any user to elevate their privileges can allow them excessive control of the system tools.

Check Content

Verify the root user is configured as a role, rather than a normal user. 

# userattr type root

If the command does not return the word "role", this is a finding.

Verify at least one local user has been assigned the root role.

# grep '[:;]roles=root[^;]*' /etc/user_attr

If no lines are returned, or no users are permitted to assume the root role, this is a finding.

Fix Text

The root role is required.

Convert the root user into a role. 

# usermod -K type=role root

Add the root role to authorized users' logins. 

# usermod -R +root [username]

Remove the root role from users who should not be authorized to assume it.

# usermod -R -root [username]