7.1.12 Ensure no files or directories without an owner and a group exist

Information

Administrators may delete users or groups from the system and neglect to remove all files and/or directories owned by those users or groups.

A new user or group who is assigned a deleted user's user ID or group ID may then end up "owning" a deleted user or group's files, and thus have more access on the system than was intended.

Solution

Remove or set ownership and group ownership of these files and/or directories to an active user on the system as appropriate.
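One way to locate the files this control is about, as an added example (not taken from the CIS benchmark or the audit plugin): it walks a directory tree and reports every entry whose numeric UID or GID no longer resolves to an account or group. The function name `find_unowned` and its `user_lookup`/`group_lookup` parameters are hypothetical, introduced here so the lookups can be swapped out for testing.

```python
import grp
import os
import pwd
import sys


def find_unowned(root, user_lookup=pwd.getpwuid, group_lookup=grp.getgrgid):
    """Return (path, uid, gid, no_user, no_group) for every entry under root
    whose numeric UID or GID no longer resolves to an account or group.
    Uses lstat (symlinks are not followed) and stays on root's filesystem."""
    findings, cache = [], {}

    def known(lookup, ident):
        # Cache lookups: large trees reuse a handful of IDs
        if (lookup, ident) not in cache:
            try:
                lookup(ident)
                cache[(lookup, ident)] = True
            except KeyError:  # pwd/grp raise KeyError for an unknown ID
                cache[(lookup, ident)] = False
        return cache[(lookup, ident)]

    def check(path):
        try:
            st = os.lstat(path)
        except OSError:  # vanished or unreadable during the scan
            return None
        no_user = not known(user_lookup, st.st_uid)
        no_group = not known(group_lookup, st.st_gid)
        if no_user or no_group:
            findings.append((path, st.st_uid, st.st_gid, no_user, no_group))
        return st

    root_st = check(root)
    if root_st is None:
        return findings
    for dirpath, dirnames, filenames in os.walk(root):
        for name in filenames:
            check(os.path.join(dirpath, name))
        same_fs = []
        for name in dirnames:
            st = check(os.path.join(dirpath, name))
            # Report a mount point itself, but do not descend into it
            if st is not None and st.st_dev == root_st.st_dev:
                same_fs.append(name)
        dirnames[:] = same_fs
    return findings


if __name__ == "__main__":
    for path, uid, gid, no_user, no_group in find_unowned(sys.argv[1] if len(sys.argv) > 1 else "/"):
        print(f"{path}\tuid={uid}{' (no user)' if no_user else ''}\tgid={gid}{' (no group)' if no_group else ''}")
```

Because the scan does not cross mount points, run it once per local filesystem, with enough privilege to read every directory.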

See Also

https://workbench.cisecurity.org/benchmarks/17045

Item Details

Category: ACCESS CONTROL, MEDIA PROTECTION

References: 800-53|AC-3, 800-53|AC-5, 800-53|AC-6, 800-53|MP-2, CSCv7|14.6

Plugin: Unix

Control ID: f352a30eb21c89511f5e93cbcc1ad2914460851ec674ea65632c5d870ccdd605