6.2.10 Ensure users' dot files are not group or world writable

Information

While the system administrator can establish secure permissions for users' "dot" files, the
users can easily override these.

Rationale:

Group or world-writable user configuration files may enable malicious users to steal or
modify other users' data or to gain another user's system privileges.

Solution

Making global modifications to users' files without alerting the user community can result
in unexpected outages and unhappy users. Therefore, it is recommended that a monitoring
policy be established to report user dot file permissions and determine the action to be
taken in accordance with site policy.

Notes:

On some distributions the /sbin/nologin should be replaced with /usr/sbin/nologin.

See Also

https://workbench.cisecurity.org/files/2420