All Interactive User Home Directories Must Be Owned By The Primary User
An XCCDF Rule
Description
Change the owner of each interactive user's home directory to the correct owner. To change the owner of an interactive user's home directory, use the following command:
$ sudo chown USER /home/USER
This rule ensures every home directory related to an interactive user is owned by an interactive user. It also ensures that interactive users are owners of one and only one home directory.
Warning
Due to OVAL limitation, this rule can report a false negative in a
specific situation where two interactive users swap the ownership of
their respective home directories.
Rationale
If a local interactive user does not own their home directory, unauthorized users could access or modify the user's files, and the users may not be able to access their own files.
- ID: xccdf_org.ssgproject.content_rule_file_ownership_home_directories
- Severity: Medium
- References
- Updated
Remediation - Ansible
- name: Get all local users from /etc/passwd
  ansible.builtin.getent:
    database: passwd
    split: ':'
  tags:
    - file_ownership_home_directories
Remediation - Shell Script
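# For every account with UID >= 1000 (except 65534, nobody), set the owner of its home directory (field 6) to its UID (field 3).
awk -F':' '{ if ($3 >= 1000 && $3 != 65534) system("chown -f " $3" "$6) }' /etc/passwd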
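An audit counterpart to the remediation above, added here as an example and not part of this rule's own content: it compares each interactive user's home directory owner with that user's own UID, which also catches the swapped-ownership case from the Warning that a set-based check misses. The sample passwd data, the `SWAPPED` owner map and all function names are constructed for illustration; the UID filter mirrors the awk remediation.

```python
import os
from collections import Counter

UID_MIN, NOBODY = 1000, 65534  # same filter as the awk remediation on this page

# Constructed sample data, not taken from a real system.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
alice:x:1000:1000::/home/alice:/bin/bash
bob:x:1001:1001::/home/bob:/bin/bash
"""
SWAPPED = {"/home/alice": 1001, "/home/bob": 1000}  # constructed: owners swapped


def interactive_users(passwd_text):
    """Yield (name, uid, home) for entries the awk filter would select."""
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            continue  # skip blank or malformed lines
        uid = int(fields[2])
        if uid >= UID_MIN and uid != NOBODY:
            yield fields[0], uid, fields[5]


def stat_owner(path):
    """Return the UID that owns path, or None if it cannot be stat'ed."""
    try:
        return os.stat(path).st_uid
    except OSError:
        return None


def audit_home_ownership(passwd_text, owner_of=stat_owner):
    """Per-user check: list (user, home, expected_uid, actual_uid) mismatches."""
    return [(name, home, uid, owner_of(home))
            for name, uid, home in interactive_users(passwd_text)
            if owner_of(home) != uid]


def set_based_check_passes(passwd_text, owner_of=stat_owner):
    """Model of the property in the Description: every home is owned by an
    interactive user, and each interactive user owns exactly one home."""
    users = list(interactive_users(passwd_text))
    return (Counter(owner_of(home) for _, _, home in users)
            == Counter(uid for _, uid, _ in users))
```

On a live system, pass the contents of /etc/passwd to `audit_home_ownership` and leave `owner_of` at its default so ownership is read with `os.stat`.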