9.24 Find Un-owned Files and Directories

Information

Sometimes when administrators delete users from the password file they neglect to remove all files owned by those users from the system.

A new user who is assigned the deleted user's user ID or group ID may then end up "owning" these files, and thus have more access on the system than was intended.

Solution

Correct or justify any items discovered in the Audit step. Determine the existence of any files that are not attributed to current users or groups on the system, and determine the best course of action in accordance with site policy. Note that the Solaris OS is shipped with all files appropriately owned.

See Also

https://workbench.cisecurity.org/files/611

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-16(3)

Plugin: Unix

Control ID: 7de36460f8c3fe12d77ad38359931c8f9e2779755ecae6e4c651564ea92616db