Title

The operating system must limit the ability of non-privileged users to grant other users direct access to the contents of their home directories/folders. (Cat II impact)

Discussion

>Users' home directories/folders may contain information of a sensitive nature. Non-privileged users should coordinate any sharing of information with an SA through shared resources. Satisfies: SRG-OS-000480-GPOS-00230

Check Content

Verify the operating system limits the ability of non-privileged users to grant other users direct access to the contents of their home directories/folders. If it does not, this is a finding. $ ls -l /home/ All directories should indicate they are owned by their users and have appropriate permissions. If directories are stored somewhere else, check there.

Fix Text

Configure the operating system to limit the ability of non-privileged users to grant other users direct access to the contents of their home directories/folders.

Additional Identifiers

Rule ID:

Vulnerability ID: V-2300

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.