The macOS system must set permissions on user home directories to prevent users from having access to read or modify another user's files.

An XCCDF Rule

Description

<VulnDiscussion>Configuring the operating system to use the most restrictive permissions possible for user home directories helps to protect against inadvertent disclosures. Satisfies: SRG-OS-000480-GPOS-00228, SRG-OS-000480-GPOS-00230</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-252516r916421_rule
Severity: Medium
References: CCI-000366
Updated: 8 months ago

Configure the macOS system to set the appropriate permissions for each user on the system with the following command:

/usr/sbin/diskutil resetUserPermissions / DeviceNode UID, where "DeviceNode UID" is the ID number for the user whose home directory permissions need to be repaired.

The macOS system must set permissions on user home directories to prevent users from having access to read or modify another user's files.

Description

Remediation - Manual Procedure