6.2.18 Ensure no duplicate user names exist

Information

Although the useradd program will not let you create a duplicate user name, it is possible for an administrator to manually edit the /etc/passwd file and change the user name.

Rationale:

If a user is assigned a duplicate user name, it will create and have access to files with the first UID for that username in /etc/passwd . For example, if 'test4' has a UID of 1000 and a subsequent 'test4' entry has a UID of 2000, logging in as 'test4' will use UID 1000. Effectively, the UID is shared, which is a security problem.

Solution

Based on the results of the audit script, establish unique user names for the users. File ownerships will automatically reflect the change as long as the users have unique UIDs.

See Also

https://workbench.cisecurity.org/files/3148

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-2, CSCv6|16, CSCv7|16

Plugin: Unix

Control ID: fb27debcf330d0f2e544978bdfba43fecc3f7abddc27321742bd6b34c819c1bc