This is not the latest version of the STIG. This is provided for archival purposes. See the latest STIG.

The Red Hat Enterprise Linux operating system must be configured so that all files and directories have a valid owner.

STIG ID: RHEL-07-020320  |  SRG: SRG-OS-000480-GPOS-00227 |  Severity: medium (CAT II)  |  CCI: CCI-002165 |  Vulnerability Id: V-204463

Vulnerability Discussion

Unowned files and directories may be unintentionally inherited if a user is assigned the same User Identifier "UID" as the UID of the un-owned files.

Check

Verify all files and directories on the system have a valid owner.

Check the owner of all files and directories with the following command:

Note: The value after -fstype must be replaced with the filesystem type. XFS is used as an example.

# find / -fstype xfs -nouser

If any files on the system do not have an assigned owner, this is a finding.

Fix

Either remove all files and directories from the system that do not have a valid user, or assign a valid user to all unowned files and directories on the system with the "chown" command:

# chown <user> <file>
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.