All TOSS local interactive user home directories must be owned by root.

STIG ID: TOSS-04-020310  |  SRG: SRG-OS-000480-GPOS-00230 |  Severity: medium |  CCI: CCI-000366 |  Vulnerability Id: V-252970

Vulnerability Discussion

Users' home directories/folders may contain information of a sensitive nature. Non-privileged users should coordinate any sharing of information with an SA through shared resources.

Check

Check that all user home directories are owned by the root user with the following command:

$ find $(awk -F: '($3>=1000)&&($7 !~ /nologin/){print $6}' /etc/passwd) -maxdepth 0 -not -user root -ls

If there is any output, this is a finding.
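The check expressed as a per-account audit function, as an added example (not part of the STIG text). The one-liner above passes the awk output to find unquoted, so a home path containing a space is split into two arguments, and if no account matches, find runs with no path and tests the current directory instead. The names audit_home_owners and make_fixture and the MISSING/NOT_OWNED output format are assumptions of this example, and the fixture accounts are constructed.

```shell
#!/bin/sh
# audit_home_owners [PASSWD_FILE] [EXPECTED_OWNER]
#   PASSWD_FILE     file in /etc/passwd format (default: /etc/passwd)
#   EXPECTED_OWNER  user name or numeric UID that must own each home (default: root)
# Prints one line per finding and nothing when every home directory complies.
audit_home_owners() {
    passwd_file=${1:-/etc/passwd}
    expected_owner=${2:-root}
    while IFS=: read -r name _pw uid _gid _gecos home shell; do
        # Skip malformed lines whose UID field is not a number.
        case $uid in ''|*[!0-9]*) continue ;; esac
        # Same account filter as the check: UID >= 1000 and shell not nologin.
        [ "$uid" -ge 1000 ] || continue
        case $shell in *nologin*) continue ;; esac
        if [ -z "$home" ] || [ ! -d "$home" ]; then
            # Report it explicitly instead of leaving a find error on stderr.
            printf 'MISSING %s %s\n' "$name" "$home"
        elif [ -n "$(find "$home" -maxdepth 0 ! -user "$expected_owner")" ]; then
            # The quoted path keeps a home containing spaces as one argument.
            printf 'NOT_OWNED %s %s\n' "$name" "$home"
        fi
    done < "$passwd_file"
}

# Constructed fixture for trying the function without touching /etc/passwd:
# a throwaway passwd file plus home directories owned by the invoking user.
make_fixture() {
    d=$(mktemp -d)
    mkdir -p "$d/home/alice" "$d/home/bob smith"
    cat > "$d/passwd" <<EOF
alice:x:1000:1000::$d/home/alice:/bin/bash
bob:x:1001:1001::$d/home/bob smith:/bin/bash
ghost:x:1003:1003::$d/home/ghost:/bin/bash
svc:x:1002:1002::$d/home/svc:/sbin/nologin
sys:x:999:999::$d/home/sys:/bin/bash
EOF
    printf '%s\n' "$d"
}
```

Run `audit_home_owners` with no arguments on the target system; any output line corresponds to a finding under the check above.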

Fix

Change the owner of interactive users' home directories to root.

To change the owner of a local interactive user's home directory, use the following command:

Note: The example uses the user "smithj".

$ sudo chown root /home/smithj