This is not the latest version of the STIG. This is provided for archival purposes. See the latest STIG.

All TOSS local interactive user home directories must have mode 0770 or less permissive.

STIG ID: TOSS-04-020300  |  SRG: SRG-OS-000480-GPOS-00230 |  Severity: medium (CAT II)  |  CCI: CCI-000366 |  Vulnerability Id: V-252969

Vulnerability Discussion

Users' home directories/folders may contain information of a sensitive nature. Non-privileged users should coordinate any sharing of information with an SA through shared resources.

Check

Verify the operating system limits the ability of non-privileged users to grant other users direct access to the contents of their home directories/folders.

Ensure that the user permissions on all user home directories is set to 770 permissions with the following command:

$ find $(awk -F: '($3>=1000)&&($7 !~ /nologin/){print $6}' /etc/passwd) -maxdepth 0 -not -perm 770 -ls

If there is any output, this is a finding.

Fix

Change the mode of interactive user's home directories to "0770." To change the mode of a local interactive user's home directory, use the following command:

Note: The example will be for the user "smithj."

$ sudo chmod 0770 /home/smithj
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.