Information
The system is audited for group staff writable files.
Rationale:
An audit should be performed on the system to search for files that can be modified by members of the group staff. As staff is the default group for user accounts any file that is writable via group staff is comparable to being writable by other aka world writable.
In a case - where this permission is required - the recommendation is to create a new group and appoint a group administrator.
The goal is no group staff writable files.
Solution
Review the currently mounted local filesystems using the following to find all world writable files on local JFS/JFS2 filesystems only:
find / ( -fstype jfs -o -fstype jfs2 ) -type f -perm -g+w -group staff -ls
Remedy any files in the list, e.g., chmod o-w {filename}
Document any files, and motivate why they are world writeable, and also add documentation re: when/why this exception ceases.
Default Value:
N/A
Additional Information:
The audit procedure does not verify remote file systems (e.g., NFS). The expectation is that these are being audited on the file (e.g., NFS) server - rather than on all clients.