Title

All skeleton files and directories (typically in /etc/skel) must be owned by root. (Cat II impact)

Discussion

If the skeleton files are not protected, unauthorized personnel could change user startup parameters and possibly jeopardize user files. Failure to give ownership of sensitive files or utilities to root provides the designated owner and unauthorized users with the potential to access sensitive information or change the system configuration which could weaken the system's security posture.

Check Content

Check skeleton files ownership. # ls -alL /etc/skel If a skeleton file is not owned by root, this is a finding.

Fix Text

Change the ownership of skeleton files with incorrect mode. # chown root <skeleton file>

Additional Identifiers

Rule ID: SV-227674r603266_rule

Vulnerability ID: V-227674

Group Title: SRG-OS-000480

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.