← Back to SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide

V-903

CAT II (Medium)

All interactive user home directories must be group-owned by the home directory owners primary group.

Rule ID

SV-46273r1_rule

STIG

SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide

Version

V1R12

CCIs

CCI-000225

Discussion

If the Group Identifier (GID) of the home directory is not the same as the GID of the user, this would allow unauthorized access to files.

Check Content

Check the group ownership for each user in the /etc/passwd file.

Procedure:
# cut -d : -f 6 /etc/passwd | xargs -n1 ls -ld 

If any user home directory is not group-owned by the assigned user's primary group, this is a finding. Home directories for application accounts requiring different group ownership must be documented using site-defined procedures.

Fix Text

Change the group-owner for user home directories to the primary group of the assigned user.

Procedure:
Find the primary group of the user (GID) which is the fourth field of the user entry in /etc/passwd.

# chgrp <GID> <user home directory>

Document all changes.