STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← Back to Solaris 11 X86 Security Technical Implementation Guide

V-220001

CAT II (Medium)

The system must restrict the ability of users to assume excessive privileges to members of a defined group and prevent unauthorized users from accessing administrative tools.

Rule ID

SV-220001r958726_rule

STIG

Solaris 11 X86 Security Technical Implementation Guide

Version

V3R5

CCIs

CCI-002235

Discussion

Allowing any user to elevate their privileges can allow them excessive control of the system tools.

Check Content

Verify the root user is configured as a role, rather than a normal user. 

# userattr type root

If the command does not return the word "role", this is a finding.

Verify at least one local user has been assigned the root role.

# grep '[:;]roles=root[^;]*' /etc/user_attr

If no lines are returned, or no users are permitted to assume the root role, this is a finding.

Fix Text

The root role is required.

Convert the root user into a role. 

# usermod -K type=role root

Add the root role to authorized users' logins. 

# usermod -R +root [username]

Remove the root role from users who should not be authorized to assume it.

# usermod -R -root [username]