V-216188

Discussion

Since the user is accountable for files stored in the user's home directory, the user must be the owner of the directory.

Check Content

The root role is required.

Check that home directories are owned by the correct user.

# export IFS=":"; logins -uxo | while read user uid group gid gecos home rest; do result=$(find ${home} -type d -prune \! -user $user -print 2>/dev/null); 
if [ ! -z "${result}" ]; then 
echo "User: ${user}\tOwner: $(ls -ld $home | awk '{ print $3 }')";
fi;
done

If any output is produced, this is a finding.