All AlmaLinux OS 9 local interactive user home directories defined in the /etc/passwd file must exist.

STIG ID: ALMA-09-014650  |  SRG: SRG-OS-000480-GPOS-00230 |  Severity: medium |  CCI: CCI-000366 |  Vulnerability Id: V-269209

Vulnerability Discussion

If a local interactive user has a home directory defined that does not exist, the user may be given access to the / directory as the current working directory upon logon.

This could create a denial of service because the user would not be able to access their logon configuration files, and it may give them visibility to system files they normally would not be able to access.

Check

Verify the assigned home directories of all interactive users on the system exist with the following command:

$ pwck -r

user 'testdupe': directory '/home/testdupe' does not exist

The output should not return any interactive users.

If users home directory does not exist, this is a finding.

Fix

Create home directories to all local interactive users that currently do not have a home directory assigned. Use the following commands to create the user home directory assigned in "/etc/ passwd":

Note: The example will be for the user testdupe, who has a home directory of "/home/testdupe", a UID of "testdupe", and a GID of "testdupe" in "/etc/passwd":

$ mkdir /home/testdupe
$ chown testdupe /home/testdupe
$ chgrp testdupe /home/testdupe
$ chmod 0700 /home/testdupe
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.