Groups assigned to users must exist in the /etc/group file.
An XCCDF Rule
Description
<VulnDiscussion>Groups defined in passwd but not in group file pose a threat to system security since group permissions are not properly managed.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-216422r959010_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
The root role is required.
Correct or justify any items discovered in the Audit step. Determine if any groups are in passwd but not in group, and work with those users or group owners to determine the best course of action in accordance with site policy.