← Back to SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide

V-780

CAT II (Medium)

GIDs reserved for system accounts must not be assigned to non-system groups.

Rule ID

SV-44826r1_rule

STIG

SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide

Version

V1R12

CCIs

CCI-000366

Discussion

Reserved GIDs are typically used by system software packages. If non-system groups have GIDs in this range, they may conflict with system software, possibly leading to the group having permissions to modify system files.

Check Content

Confirm all accounts with a GID of 499 and below are used by a system account. 

Procedure:
List all the users with a GID of 0-499.

# awk -F: '$4 <= 499 {printf "%15s:%4s\n", $1, $4}' /etc/passwd | sort -n -t: -k2

If a GID reserved for system accounts (0 - 499) is used by a non-system account, this is a finding.

Fix Text

Change the primary group GID numbers for non-system accounts with reserved primary group GIDs (those less or equal to 499).