2.5 Ensure all files and directories are owned by a user (uid) and assigned to a group (gid) - gid

Information

Sometimes when administrators delete users or groups from the system they neglect to remove all files owned by those users or groups.

Rationale:

A new user who is assigned the deleted user's user ID or group ID may then end up 'owning' these files, and thus have more access on the system than was intended.

Solution

Review the currently mounted filesystems:

mount

Un-mount all non-local filesystems and cdrom media:

unmount <mount point>

If there are non-local filesystems which cannot be un-mounted, use the following command to find all un-owned files and directories on local JFS/JFS2 filesystems only:

find / ( -fstype jfs -o -fstype jfs2 ) ( -type d -o -type f ) ( -nouser -o -nogroup ) -ls

If all non-local filesystems have been un-mounted:

find / ( -type d -o -type f ) ( -nouser -o -nogroup ) -ls

NOTE: An un-owned file or directory is referred to via the GID or UID as it cannot be translated to a user or group name in /etc/group or /etc/passwd. This is typically caused by removing users or groups from the system.
Remediate the un-owned file and directory list:

chown <owner> <file>
chgrp <group> <file>

Default Value:

N/A

See Also

https://workbench.cisecurity.org/files/4119

Item Details

Category: ACCESS CONTROL, MEDIA PROTECTION

References: 800-53|AC-3, 800-53|AC-5, 800-53|AC-6, 800-53|MP-2, CSCv7|14.6

Plugin: Unix

Control ID: c2698f7ea40d4e13a65d54dda1bcb749ee110dec5dd8400aa52248c78d5ca5c6