This is not the latest version of the STIG. This is provided for archival purposes. See the latest STIG.
The Red Hat Enterprise Linux operating system must be configured so that all files and directories contained in local interactive user home directories are group-owned by a group of which the home directory owner is a member.
If a local interactive user's files are group-owned by a group of which the user is not a member, unintended users may be able to access them.
Check
Verify all files and directories in a local interactive user home directory are group-owned by a group the user is a member of.
Check the group owner of all files and directories in a local interactive user's home directory with the following command:
Note: The example will be for the user "smithj", who has a home directory of "/home/smithj".
# ls -lLR /<home directory>/<users home directory>/ -rw-r--r-- 1 smithj smithj 18 Mar 5 17:06 file1 -rw-r--r-- 1 smithj smithj 193 Mar 5 17:06 file2 -rw-r--r-- 1 smithj sa 231 Mar 5 17:06 file3
If any files are found with an owner different than the group home directory user, check to see if the user is a member of that group with the following command:
If the user is not a member of a group that group owns file(s) in a local interactive user's home directory, this is a finding.
Fix
Change the group of a local interactive user's files and directories to a group that the interactive user is a member of. To change the group owner of a local interactive user's files and directories, use the following command:
Note: The example will be for the user smithj, who has a home directory of "/home/smithj" and is a member of the users group.