AOSX-13-001110 - The macOS system must be configured with all public directories owned by root or an application account.

Information

All public directories must be owned by 'root', the local admin user, or an application account. Directory owners have permission to delete any files contained in that directory, even if the files are owned by other user accounts. By setting the owner to an administrator or application account, regular users will not be permitted to delete each other's files.

Solution

To change the ownership of any finding, run the following command:

/usr/bin/sudo find / -type d -perm +o+w -not -uid 0 -exec chown root {} ;

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Apple_OS_X_10-13_V2R5_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CAT|II, CCI|CCI-000366, Rule-ID|SV-214902r609363_rule, STIG-ID|AOSX-13-001110, STIG-Legacy|SV-96397, STIG-Legacy|V-81683, Vuln-ID|V-214902

Plugin: Unix

Control ID: 1e36d0a1114fa006ecf7464590618119e0e32581d759e0c728a7939901fdc5a5