Check: SOL-11.1-070120
Solaris 11 SPARC STIG:
SOL-11.1-070120
(in versions v2 r10 through v1 r10)
Title
Duplicate Group IDs (GIDs) must not exist for multiple groups. (Cat II impact)
Discussion
User groups must be assigned unique GIDs for accountability and to ensure appropriate access protections.
Check Content
The root role is required. Check that group IDs are unique.

```
# getent group | cut -f3 -d":" | sort -n | uniq -c |\
while read x ; do
  [ -z "${x}" ] && break
  set - $x
  if [ $1 -gt 1 ]; then
    grps=`getent group | nawk -F: '($3 == n) { print $1 }' n=$2 | xargs`
    echo "Duplicate GID ($2): ${grps}"
  fi
done
```

If output is produced, this is a finding.
Fix Text
The root role is required. Work with each respective group owner to remediate this issue and ensure that the group ownership of their files is set to an appropriate value.
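The check only names the groups that share a GID. As an added example (not part of the STIG text), the script below also merges their supplementary member lists, because every listed user gets group access to files carrying that GID. It assumes group(4)-format input on stdin and does not consider primary-group membership from passwd; `dup_gid_report`, `sample_group_db` and the `AWK` variable are hypothetical names.

```shell
#!/bin/sh
# Added example (not STIG text). Reads group(4)-format lines on stdin:
#   name:password:gid:user_list
# AWK is an assumption: any POSIX awk (nawk on Solaris).
AWK=${AWK:-awk}

dup_gid_report() {
    "$AWK" -F: '
    NF < 3 { next }                      # skip blank or malformed lines
    {
        gid = $3
        if (count[gid]++ == 0) {
            order[++n] = gid             # remember first-seen order
            names[gid] = $1
        } else {
            names[gid] = names[gid] " " $1
        }
        # Merge supplementary members of every group sharing this GID.
        m = split($4, u, ",")
        for (i = 1; i <= m; i++) {
            if (u[i] == "" || seen[gid, u[i]]++) continue
            if (members[gid] == "") { members[gid] = u[i] }
            else { members[gid] = members[gid] "," u[i] }
        }
    }
    END {
        for (k = 1; k <= n; k++) {
            gid = order[k]
            if (count[gid] < 2) continue
            if (members[gid] == "") members[gid] = "-"
            printf "Duplicate GID (%s): %s members=%s\n", gid, names[gid], members[gid]
        }
    }'
}

# Constructed sample data, not taken from a real system.
sample_group_db() {
    cat <<'EOF'
root::0:
staff::10:alice
dba::300:oracle,bob
webadm::300:carol,bob
audit::10:
EOF
}

sample_group_db | dup_gid_report
```

On a live system, feed it with `getent group | dup_gid_report`; as with the check itself, any output is a finding.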
Additional Identifiers
Rule ID: SV-216428r603267_rule
Vulnerability ID: V-216428
Group Title: SRG-OS-000480
CCIs
Number | Definition |
---|---|
CCI-000366 | The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 | Configuration Settings |