The macOS system must set permissions on user home directories to prevent users from having access to read or modify another user's files.
An XCCDF Rule
Description
Configuring the operating system to use the most restrictive permissions possible for user home directories helps to protect against inadvertent disclosures.
Satisfies: SRG-OS-000480-GPOS-00228, SRG-OS-000480-GPOS-00230
- ID: SV-252516r916421_rule
- Version: APPL-12-002068
- Severity: Medium
- References
- Updated
Remediation Templates
A Manual Procedure
Configure the macOS system to set the appropriate permissions for each user on the system with the following command:
/usr/sbin/diskutil resetUserPermissions / DeviceNode UID

where "DeviceNode UID" is the ID number for the user whose home directory permissions need to be repaired.
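
A dry-run audit that can precede the manual procedure, added here as an example and not part of the STIG content: it lists paths in each home directory that group or others can write to, and prints the remediation command above with the owner's numeric UID filled in. The /Users base path, the skipped Shared folder, the write-bit criterion and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: dry-run audit for the manual procedure above.
# Assumptions (not from the rule text): homes live directly under the base
# directory passed as $1 (default /Users), "Shared" is not a user home, and
# "too permissive" means a group- or other-write mode bit on the home or on
# an entry directly inside it. ACLs are not evaluated.

# Print every path in one home (depth 0-1) that group or others can write to.
# Symlinks are skipped because their own mode bits are not meaningful.
loose_paths() {
    find "$1" -maxdepth 1 ! -type l \( -perm -0020 -o -perm -0002 \) -print 2>/dev/null
}

# Print the numeric owner UID of a path (ls -n works on both BSD and GNU).
owner_uid() {
    ls -ldn "$1" | awk '{print $3}'
}

# For each home under the base directory, list loose paths and emit the
# remediation command for the owning UID. Nothing on disk is changed.
audit_homes() {
    base=${1:-/Users}
    for home in "$base"/*; do
        [ -d "$home" ] || continue
        [ "$(basename "$home")" = "Shared" ] && continue
        found=$(loose_paths "$home")
        [ -n "$found" ] || continue
        printf '%s\n' "$found" | sed 's/^/LOOSE /'
        printf 'FIX /usr/sbin/diskutil resetUserPermissions / %s\n' "$(owner_uid "$home")"
    done
}
```

Call audit_homes with no argument to inspect /Users; each FIX line is only printed, so review it before running the command.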