
STIGhub

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

V-22351

CAT II (Medium)

All files and directories contained in user home directories must be group-owned by a group of which the home directory's owner is a member.

Rule ID

SV-45038r1_rule

STIG

SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide

Version

V1R12

CCIs

CCI-000225

Discussion

If a user's files are group-owned by a group of which the user is not a member, unintended users may be able to access them.

Check Content

Check the contents of user home directories for files group-owned by a group of which the home directory's owner is not a member.
1. List the user accounts.
# cut -d : -f 1 /etc/passwd
2. For each user account, get a list of GIDs for files in the user's home directory.
# find ~username -printf %G\\n | sort | uniq
3. Obtain the list of GIDs where the user is a member.
# id -G username
4. Check the GID lists. If there are GIDs in the file list not present in the user list, this is a finding.
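
The four check steps above can be combined into one pass over /etc/passwd. The following is an added example, not part of the STIG text; the function names `bad_group_files` and `audit_homes` are hypothetical. It assumes GNU find (for `-printf`, as used in step 2) and paths without embedded newlines, and it skips accounts whose home is `/` to avoid walking the whole filesystem.

```shell
#!/bin/sh
# Added example (not STIG text): automates check steps 1-4 for V-22351.
# Function names are hypothetical.

# bad_group_files DIR "GID GID ..."
# Prints "GID PATH" for every entry under DIR whose group ID is not in the
# space-separated list of GIDs the home directory's owner belongs to.
bad_group_files() {
    dir=$1
    allowed=$2
    find "$dir" -printf '%G %p\n' 2>/dev/null |
    while read -r gid path; do
        case " $allowed " in
            *" $gid "*) ;;                         # owner is a member: OK
            *) printf '%s %s\n' "$gid" "$path" ;;  # finding
        esac
    done
}

# audit_homes [PASSWD_FILE]
# For each account, compares the GIDs found in its home directory (step 2)
# with the account's group memberships from `id -G` (step 3) and prints
# "USER GID PATH" for each mismatch (step 4). No output means no finding.
audit_homes() {
    passwd_file=${1:-/etc/passwd}
    while IFS=: read -r user _ _ _ _ home _; do
        # Assumption of this example: skip missing homes and "/".
        [ -d "$home" ] && [ "$home" != / ] || continue
        groups=$(id -G "$user" 2>/dev/null) || continue
        bad_group_files "$home" "$groups" |
        while read -r line; do
            printf '%s %s\n' "$user" "$line"
        done
    done < "$passwd_file"
}
```

Source the file and run `audit_homes` as root so that every home directory is readable; each output line names a file to review under the Fix Text.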

Fix Text

Change the group of a file not group-owned by a group of which the home directory's owner is a member.
# chgrp <group with user as member> <file with bad group ownership>
Document all changes.