Title

All home directories must be owned by the respective user assigned to it in /etc/passwd. (Cat II impact)

Discussion

Since the user is accountable for files stored in the user's home directory, the user must be the owner of the directory.

Check Content

The root role is required. Check that home directories are owned by the correct user. # export IFS=":"; logins -uxo | while read user uid group gid gecos home rest; do result=$(find ${home} -type d -prune \! -user $user -print 2>/dev/null); if [ ! -z "${result}" ]; then echo "User: ${user}\tOwner: $(ls -ld $home | awk '{ print $3 }')"; fi; done If any output is produced, this is a finding.

Fix Text

The root role is required. Correct the owner of any directory that does not match the password file entry for that user. # chown [user] [home directory]

Additional Identifiers

Rule ID: SV-216188r603268_rule

Vulnerability ID: V-216188

Group Title: SRG-OS-000480

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.