6.2.20 Ensure all local interactive user home directories are group-owned

Information

The operating system must be configured so that all local interactive user home directories are group-owned by the home directory owners primary group.

Rationale:

If the Group Identifier (GID) of a local interactive user's home directory is not the same as the primary GID of the user, this would allow unauthorized access to the user's files, and users that share the same group may not be able to access files that they legitimately should.

Solution

Change the group owner of a local interactive user's home directory to the group found in /etc/passwd. To change the group owner of a local interactive user's home directory, use the following command:
Note: The example will be for the user smithj, who has a home directory of /home/smithj, and has a primary group of users.

# chgrp users /home/smithj

Notes:

This Benchmark recommendation maps to:

Red Hat Enterprise Linux 7 Security Technical Implementation Guide:

Version 2, Release: 3 Benchmark Date: 26 Apr 2019



Vul ID: V-72022

Rule ID: SV-86645r5_rule

STIG ID: RHEL-07-020650

Severity: CAT II

See Also

https://workbench.cisecurity.org/files/2688

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b.

Plugin: Unix

Control ID: 4066b99c345918506e9d669a23949f22341c87db96f66ba3ebd5c1835c3e5d32