Title

Group Identifiers (GIDs) reserved for system accounts must not be assigned to non-system groups. (Cat II impact)

Discussion

Reserved GIDs are typically used by system software packages. If non-system groups have GIDs in this range, they may conflict with system software, possibly leading to the group having permissions to modify system files.

Check Content

# more /etc/passwd Confirm all accounts with a GID of 99 and below (499 and below for Linux) are used by a system account. If a GID reserved for system accounts, 0 - 99 (0 - 499 for Linux), is used by a non-system account, this is a finding.

Fix Text

Change the primary group GID numbers for non-system accounts with reserved primary group GIDs (those less or equal to 99 in general, or 499 for Linux).

Additional Identifiers

Rule ID: SV-780r2_rule

Vulnerability ID: V-780

Group Title: GEN000360

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.