GEN000850 - The system must restrict the ability to switch to the root user to members of a defined group - roles=root

Information

Configuring a supplemental group for users permitted to switch to the root user prevents unauthorized users from accessing the root account, even with knowledge of the root credentials.

Solution

Convert the root user into a role.
# usermod -K type=role root

Add the root role to authorized users' logins.
# usermod -R root <userid>
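
To verify the result of the two commands above, the following added example (not part of the STIG or of the audit plugin) parses user_attr(4)-format records, confirms that root carries type=role, and lists the logins whose roles= attribute includes root. The function names and the sample records are assumptions constructed for illustration; on a real host, point check_gen000850 at /etc/user_attr.

```sh
# Added example (not DISA or Tenable code): audit user_attr(4) records for GEN000850.
# Record layout: user:qualifier:res1:res2:attr, where attr is ';'-separated key=value.
# Needs a POSIX shell; on Solaris 10 set AWK=nawk (legacy /usr/bin/awk lacks -v and sub).
AWK=${AWK:-awk}

# attrs KEY FILE -> "user<TAB>value" for every record that sets KEY
attrs() {
    "$AWK" -F: -v k="$1" '
        /^[ \t]*#/ || NF < 5 { next }
        {
            attr = $0; sub(/^[^:]*:[^:]*:[^:]*:[^:]*:/, "", attr)  # keep ":" inside values
            n = split(attr, kv, ";")
            for (i = 1; i <= n; i++) {
                eq = index(kv[i], "=")
                if (eq && substr(kv[i], 1, eq - 1) == k) print $1 "\t" substr(kv[i], eq + 1)
            }
        }' "$2"
}

# attr_of USER KEY FILE -> value of KEY for USER (empty if unset)
attr_of() { attrs "$2" "$3" | "$AWK" -F'\t' -v u="$1" '$1 == u { print $2 }'; }

# root_role_holders FILE -> logins whose roles= list contains exactly "root"
root_role_holders() {
    attrs roles "$1" | "$AWK" -F'\t' '{
        n = split($2, r, ",")
        for (i = 1; i <= n; i++) if (r[i] == "root") { print $1; break }
    }'
}

# check_gen000850 FILE -> 0 if root is a role (and lists who may assume it), else 1
check_gen000850() {
    root_type=$(attr_of root type "$1")
    if [ "$root_type" != "role" ]; then echo "FAIL: root type=${root_type:-unset}, expected role"; return 1; fi
    echo "PASS: root is a role; logins allowed to assume it:"
    root_role_holders "$1" | sed 's/^/  /'
}

# Constructed sample records, not taken from a real host.
sample_user_attr() {
    printf '%s\n' '# sample' 'root::::type=role;auths=solaris.*;profiles=All' \
        'alice::::type=normal;roles=root' 'bob::::type=normal;roles=operator,root' \
        'carol::::type=normal;roles=rootops;profiles=Basic Solaris User'
}

f=${TMPDIR:-/tmp}/user_attr.$$; sample_user_attr > "$f"; check_gen000850 "$f"; rm -f "$f"
```

Review the printed list against the set of administrators approved to assume root; any login on it that is not approved should have the role removed.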

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_SOL_10_x86_V2R4_STIG.zip

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-2(5), CAT|III, CCI|CCI-000770, Rule-ID|SV-227596r603266_rule, STIG-ID|GEN000850, STIG-Legacy|SV-39876, STIG-Legacy|V-22308, Vuln-ID|V-227596

Plugin: Unix

Control ID: e55c2c49e0ef5ea47f6bdf72320fb0a87cf8d173fb3415f53218b1a8b50c6af2