9.17 Check That Reserved UIDs Are Assigned to System Accounts

Information

Traditionally, Unix systems have established "reserved" UIDs (0-99 range) intended for system accounts.

If a user is assigned a UID that is in the reserved range, even if it is not presently in use, security exposures can arise if a subsequently installed application uses the same UID.

Solution

Correct or justify any items discovered in the Audit step. Determine if there are any accounts using these reserved UIDs, and work with their owner to determine the best course of action in accordance with site policy.

See Also

https://workbench.cisecurity.org/files/611

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-16(3)

Plugin: Unix

Control ID: e2c295c3c72574e674c55611dfcbe69418ccafe5a8449bdbcced239c1781a1ff