7.1.3 Ensure permissions on /etc/group are configured

Information

The /etc/group file contains a list of all the valid groups defined in the system. The command below allows read/write access for root and read access for everyone else.

The /etc/group file needs to be protected from unauthorized changes by non-privileged users, but needs to be readable as this information is used with many non-privileged programs.

Solution

Run the following commands to remove excess permissions, set owner, and set group on /etc/group :

# chmod u-x,go-wx /etc/group
# chown root:root /etc/group

See Also

https://workbench.cisecurity.org/benchmarks/18960

Item Details

Category: ACCESS CONTROL, MEDIA PROTECTION

References: 800-53|AC-3, 800-53|AC-5, 800-53|AC-6, 800-53|MP-2, CSCv7|14.6

Plugin: Unix

Control ID: 5363243001314e8c23e17e76afb2002932c7f537b1c5d617d6d2d1a1b09cce6e