← Back to Red Hat Enterprise Linux 10 Security Technical Implementation Guide

V-281065

CAT II (Medium)

RHEL 10 must enforce mode "0750" or less permissive for local interactive user home directories.

Rule ID

SV-281065r1165550_rule

STIG

Red Hat Enterprise Linux 10 Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-000213

Discussion

Excessive permissions on local interactive user home directories may allow unauthorized access to user files by other users.

Check Content

Verify RHEL 10 is configured so that the assigned home directory of all local interactive users has a mode of "0750" or less permissive with the following command:

Note: This may miss interactive users that have been assigned a privileged user identifier (UID). Evidence of interactive use may be obtained from a number of log files containing system login information.

$ stat -L -c '%a %n' $(awk -F: '($3>=1000)&&($7 !~ /nologin/){print $6}' /etc/passwd) 2>/dev/null
700 /home/disauser

If home directories referenced in "/etc/passwd" do not have a mode of "0750" or less permissive, this is a finding.

Fix Text

Configure RHEL 10 so that the mode of interactive user's home directories is set to "0750". 

To change the mode of a local interactive user's home directory, use the following command:

Note: The example will be for the user "disauser".

$ sudo chmod 0750 /home/disauser