9.17 Check for Duplicate GIDs

Information

Although the groupadd program will not let you create a duplicate Group ID (GID), an administrator can still edit the group file (/etc/group) manually and change the GID field.

Rationale:

User groups must be assigned unique GIDs for accountability and to ensure appropriate access protections.

Solution

Correct or justify any items discovered in the Audit step. Determine whether any duplicate group identifiers exist, and work with each respective group owner to remediate the issue and ensure that the group ownership of their files is set to an appropriate value.
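
One way to run the duplicate-GID check that the Audit step refers to, shown as an added example and not the benchmark's own audit script. The function name find_duplicate_gids and the handling of comment, NIS-style and malformed lines are assumptions of this example.

```shell
#!/bin/sh
# Added example: report GIDs that appear on more than one line of a group file.
# find_duplicate_gids is a hypothetical helper name, not a benchmark command.
#
# Usage:   find_duplicate_gids [group-file]      (defaults to /etc/group)
# Output:  one line per duplicated GID, "<gid>: name1 name2 ...", sorted by GID
# Returns: 0 = no duplicates, 1 = duplicates found, 2 = file not readable
find_duplicate_gids() {
    group_file="${1:-/etc/group}"
    [ -r "$group_file" ] || { echo "cannot read $group_file" >&2; return 2; }

    dups=$(awk -F: '
        # Skip blank lines, comments and NIS compat entries (+/- prefixed).
        /^[ \t]*$/ || /^#/ || /^[+-]/ { next }
        # Field 3 is the GID; ignore malformed lines without a numeric GID.
        $3 !~ /^[0-9]+$/ { next }
        {
            gid = $3 + 0        # "0100" and "100" are the same GID
            count[gid]++
            # Remember every group name that claims this GID, in file order.
            names[gid] = (count[gid] > 1) ? names[gid] " " $1 : $1
        }
        END {
            for (gid in count)
                if (count[gid] > 1)
                    print gid ": " names[gid]
        }
    ' "$group_file" | sort -n)

    if [ -z "$dups" ]; then
        return 0
    fi
    printf '%s\n' "$dups"
    return 1
}
```

Each reported line names the groups that share a GID, which identifies the group owners to contact and the GID to search for when reviewing file ownership.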

See Also

https://workbench.cisecurity.org/benchmarks/4777

Item Details

Category: ACCESS CONTROL, MEDIA PROTECTION

References: 800-53|AC-3, 800-53|AC-5, 800-53|AC-6, 800-53|MP-2, CSCv7|14.6

Plugin: Unix

Control ID: 3422a96c3673d425763e9906f8dde692ea28a677f859d1641501359d65fa3b05