← Back to Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide

V-282643

CAT II (Medium)

All TOSS 5 local interactive user home directories must have mode 0770 or less permissive.

Rule ID

SV-282643r1200909_rule

STIG

Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-000366

Discussion

Excessive permissions on local interactive user home directories may allow unauthorized access to user files by other users.

Check Content

Verify the assigned home directory of all local interactive users has a mode of "0770" or less permissive using the following command:

Note: This may miss interactive users that have been assigned a privileged user identifier (UID). Evidence of interactive use may be obtained from a number of log files containing system logon information.

$ sudo ls -ld $(awk -F: '($3>=1000)&&($7 !~ /nologin/){print $6}' /etc/passwd)

drwxrwx--- 2 wadea admin 4096 Jun 5 12:41 wadea

If home directories referenced in "/etc/passwd" do not have a mode of "0770" or less permissive, this is a finding.

Fix Text

Change the mode of interactive user's home directories to "0770". To change the mode of a local interactive user's home directory, use the following command:

Note: The example will be for the user "wadea".

$ sudo chmod 0770 /home/wadea