← Back to Solaris 11 SPARC Security Technical Implementation Guide

V-216428

CAT II (Medium)

Duplicate Group IDs (GIDs) must not exist for multiple groups.

Rule ID

SV-216428r959010_rule

STIG

Solaris 11 SPARC Security Technical Implementation Guide

Version

V3R5

CCIs

CCI-000366

Discussion

User groups must be assigned unique GIDs for accountability and to ensure appropriate access protections.

Check Content

The root role is required.

Check that group IDs are unique.

# getent group | cut -f3 -d":" | sort -n | uniq -c |\
while read x ; do
[ -z "${x}" ] && break
set - $x
if [ $1 -gt 1 ]; then
grps=`getent group | nawk -F: '($3 == n) { print $1
}' n=$2 | xargs`
echo "Duplicate GID ($2): ${grps}"
fi
done

If output is produced, this is a finding.

Fix Text

The root role is required.

Work with each respective group owner to remediate this issue and ensure that the group ownership of their files are set to an appropriate value.