Skip to content

Ensure Home Directories are Created for New Users

An XCCDF Rule

Description

All local interactive user accounts, upon creation, should be assigned a home directory.

Configure the operating system to assign home directories to all new local interactive users by setting the CREATE_HOME parameter in /etc/login.defs to yes as follows:

CREATE_HOME yes

Rationale

If local interactive users are not assigned a valid home directory, there is no place for the storage and control of files they should own.

ID
xccdf_org.ssgproject.content_rule_accounts_have_homedir_login_defs
Severity
Medium
References
Updated



Remediation - Ansible

- name: Gather the package facts
  package_facts:
    manager: auto
  tags:
  - accounts_have_homedir_login_defs
  - low_complexity

Remediation - Shell Script

# Remediation is applicable only in certain platforms
if rpm --quiet -q shadow-utils; then

if [ -e "/etc/login.defs" ] ; then
    
    LC_ALL=C sed -i "/^\s*CREATE_HOME\s\+/Id" "/etc/login.defs"