All User Files and Directories In The Home Directory Must Be Group-Owned By The Primary Group

An XCCDF Rule

Description

Change the group of a local interactive users files and directories to a group that the interactive user is a member of. To change the group owner of a local interactive users files and directories, use the following command:

$ sudo chgrp USER_GROUP /home/USER/FILE_DIR

This rule ensures every file or directory under the home directory related to an interactive user is group-owned by an interactive user.

warning alert: Warning

Due to OVAL limitation, this rule can report a false negative in a specific situation where two interactive users swap the group-ownership of folders or files in their respective home directories.

Rationale

If a local interactive users files are group-owned by a group of which the user is not a member, unintended users may be able to access them.

ID: xccdf_org.ssgproject.content_rule_accounts_users_home_files_groupownership
Severity: Medium
References: CCI-000366

SRG-OS-000480-GPOS-00227

R50
Updated: 5 days ago