V-216188 - Solaris 11 X86 Security Technical Implementation Guide

Back to Solaris 11 X86 Security Technical Implementation Guide

All home directories must be owned by the respective user assigned to it in /etc/passwd.

Severity: Medium

Description

<VulnDiscussion>Since the user is accountable for files stored in the user's home directory, the user must be the owner of the directory.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

Check

The root role is required. Check that home directories are owned by the correct user. # export IFS=":"; logins -uxo | while read user uid group gid gecos home rest; do result=$(find ${home} -type d -prune \! -user $user -print 2>/dev/null); if [ ! -z "${result}" ]; then echo "User: ${user}\tOwner: $(ls -ld $home | awk '{ print $3 }')"; fi; done If any output is produced, this is a finding.

Fix

The root role is required. Correct the owner of any directory that does not match the password file entry for that user. # chown [user] [home directory]