6.2.8 Ensure root is the only UID 0 account

Information

Any account with UID 0 has superuser privileges on the system.

This access must be limited to only the default root account and only from the system console. Administrative access must be through an unprivileged account using an approved mechanism as noted in recommendation "Ensure access to the su command is restricted".

Solution

Remove any users other than root with UID 0 or assign them a new UID if appropriate.

See Also

https://workbench.cisecurity.org/files/3796

Item Details

Category: CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

References: 800-53|CM-2, 800-53|CM-6, 800-53|CM-7, 800-53|CM-7(1), 800-53|CM-9, 800-53|SA-3, 800-53|SA-8, 800-53|SA-10, CSCv7|5.1

Plugin: Unix

Control ID: 71186884fc264ed513077d15d0a7704a12bdd9fc056fedb0c6d3748bdfe1f14e