Information
While the system administrator can establish secure permissions for users' home directories, the users can easily override these.
Rationale:
Group or world-writable user home directories may enable malicious users to steal or modify other users' data or to gain another user's system privileges.
Solution
Making global modifications to user home directories without alerting the user community can result in unexpected outages and unhappy users. Therefore, it is recommended that a monitoring policy be established to report user file permissions and determine the action to be taken in accordance with site policy.
Notes:
On some distributions the /sbin/nologin should be replaced with /usr/sbin/nologin.
This Benchmark recommendation maps to:
Red Hat Enterprise Linux 7 Security Technical Implementation Guide:
Version 2, Release: 3 Benchmark Date: 26 Apr 2019
Vul ID: V-72017
Rule ID: SV-86641r3_rule
STIG ID: RHEL-07-020630
Severity: CAT II