Title

All SLEM 5 local interactive user home directories must have mode 750 or less permissive. (Cat II impact)

Discussion

Excessive permissions on local interactive user home directories may allow unauthorized access to user files by other users.

Check Content

Note: This may miss interactive users that have been assigned a privileged User Identifier (UID). Evidence of interactive use may be obtained from a number of log files containing system logon information. Verify the assigned home directory of all SLEM 5 local interactive users has a mode of "750" or less permissive with the following command: > ls -ld $(awk -F: '($3>=1000)&&($7 !~ /nologin/){print $6}' /etc/passwd) -rwxr-x--- 1 smithj users 18 Mar 5 17:6 /home/smithj If home directories referenced in "/etc/passwd" do not have a mode of "750" or less permissive, this is a finding.

Fix Text

Change the mode of SLEM 5 local interactive user's home directories to "750". To change the mode of a local interactive user's home directory, use the following command: Note: The example will be for the user "smithj". > sudo chmod 750 /home/smithj

Additional Identifiers

Rule ID: SV-261291r996352_rule

Vulnerability ID: V-261291

Group Title: SRG-OS-000480-GPOS-00227

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.