
Ensure All World-Writable Directories Are Owned by a System Account

An XCCDF Rule

Description

All directories in local partitions which are world-writable should be owned by root or another system account. If any world-writable directories are not owned by a system account, this should be investigated. Following this, the files should be deleted or assigned to an appropriate owner.

Warning

This rule can take a long time to run and might consume a considerable amount of resources, depending on the number of directories present on the system. This is not a problem in most cases, but systems with a large number of directories can be noticeably affected. See https://access.redhat.com/articles/6999111.

Rationale

Allowing a user account to own a world-writable directory is undesirable because it allows the owner of that directory to remove or replace any files that may be placed in the directory by other users.
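The check from the Description can be reproduced by hand with the following added example, which is not the rule's own check or remediation content. It assumes GNU find and that "system account" means a UID below UID_MIN in /etc/login.defs; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: list world-writable directories that are NOT owned by a
# system account. Assumption: a system account is any UID below UID_MIN
# from /etc/login.defs (1000 is used when the key or file is missing).

# Print UID_MIN from a login.defs-style file (default /etc/login.defs).
get_uid_min() {
    defs=${1:-/etc/login.defs}
    # Commented-out entries ("#UID_MIN") do not match; the last valid one wins.
    min=$(awk '$1 == "UID_MIN" && $2 ~ /^[0-9]+$/ { v = $2 } END { print v }' \
        "$defs" 2>/dev/null) || min=
    echo "${min:-1000}"
}

# find_ww_nonsystem DIR [UID_MIN]
# Prints "uid mode path" for each world-writable directory under DIR whose
# owner UID is >= UID_MIN. -xdev keeps the walk on DIR's own filesystem, so
# call it once per local mount point; network mounts are never crossed.
find_ww_nonsystem() {
    root=$1
    uid_min=${2:-$(get_uid_min)}
    # -perm -0002 matches any mode with the other-write bit set, including
    # sticky directories (1777): the sticky bit does not restrict the owner.
    find "$root" -xdev -type d -perm -0002 \
        \( -uid "$uid_min" -o -uid "+$uid_min" \) \
        -printf '%U %m %p\n'
}

# Stand-alone use: sh script.sh / /home /var
if [ "$#" -gt 0 ]; then
    for mount_point in "$@"; do
        find_ww_nonsystem "$mount_point"
    done
fi
```

Each line of output is a directory to investigate before deleting it or assigning it to an appropriate owner.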

ID
xccdf_org.ssgproject.content_rule_dir_perms_world_writable_system_owned
Severity
Medium
References
Updated