Title

The Red Hat Enterprise Linux operating system must be configured so that all local interactive user home directories are owned by their respective users. (Cat II impact)

Discussion

If a local interactive user does not own their home directory, unauthorized users could access or modify the user's files, and the users may not be able to access their own files.

Check Content

Verify the assigned home directory of all local interactive users on the system exists. Check the home directory assignment for all local interactive users on the system with the following command: # ls -ld $(awk -F: '($3>=1000)&&($7 !~ /nologin/){print $6}' /etc/passwd) -rwxr-x--- 1 smithj users 18 Mar 5 17:06 /home/smithj If any home directories referenced in "/etc/passwd" are not owned by the interactive user, this is a finding.

Fix Text

Change the owner of a local interactive user's home directories to that owner. To change the owner of a local interactive user's home directory, use the following command: Note: The example will be for the user smithj, who has a home directory of "/home/smithj". # chown smithj /home/smithj

Additional Identifiers

Rule ID: SV-204469r603830_rule

Vulnerability ID: V-204469

Group Title: SRG-OS-000480-GPOS-00227

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.