All AlmaLinux OS 9 local interactive user home directories must have mode 0750 or less permissive.

STIG ID: ALMA-09-015310 |  SRG: SRG-OS-000480-GPOS-00230 |  Severity: medium |  CCI:  | Vulnerability Id: V-269215

Vulnerability Discussion

Excessive permissions on local interactive user home directories may allow unauthorized access to user files by other users.

Fix

Change the mode of interactive users' home directories to "0750". To change the mode of a local interactive user's home directory, use the following command:

Note: The example will be for the user "test".

$ chmod 0750 /home/test

Check

Note: This may miss interactive users that have been assigned a privileged user identifier (UID). Evidence of interactive use may be obtained from a number of log files containing system logon information.

Verify the assigned home directory of all local interactive users has a mode of "0750" or less permissive with the following command:

$ ls -ld $(awk -F: '($3>=1000)&&($7 !~ /nologin/){print $6}' /etc/passwd)

drwx------. 2 simon simon 83 Nov 30 12:30 /home/simon
drwx------. 2 test test 83 Jan 19 14:18 /home/test
drwx------. 2 test testdupe 62 Jan 15 11:44 /home/testdupe

If home directories referenced in "/etc/passwd" do not have a mode of "0750" or less permissive, this is a finding.
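
An added example, not part of the STIG text: a POSIX shell function that selects accounts the same way as the verification command above, but tests the mode bits numerically instead of relying on a visual read of the "ls -ld" output, and handles home paths that contain spaces. The function name audit_home_modes and the OK/FINDING/MISSING labels are assumptions of this example, and it relies on GNU stat.

```shell
#!/bin/sh
# Added example: audit home directory modes against the 0750 ceiling.
# Usage: audit_home_modes [passwd-format file]   (defaults to /etc/passwd)
# Returns 0 when no directory exceeds 0750, 1 otherwise.

audit_home_modes() {
    passwd_file="${1:-/etc/passwd}"
    findings=0
    # Fields: name:password:UID:GID:GECOS:home:shell
    while IFS=: read -r user pw uid gid gecos home shell; do
        # Skip malformed lines and non-numeric UIDs.
        case "$uid" in ''|*[!0-9]*) continue ;; esac
        # Same selection as the check: UID >= 1000 and shell not nologin.
        [ "$uid" -ge 1000 ] || continue
        case "$shell" in *nologin*) continue ;; esac

        if [ ! -d "$home" ]; then
            # Reported for visibility; not counted as a mode finding.
            printf 'MISSING %s %s\n' "$user" "$home"
            continue
        fi

        mode=$(stat -c '%a' -- "$home") || continue
        # 027 = group write plus every "other" bit: the permission bits
        # that 0750 does not grant. Any of them set is a finding.
        if [ $(( 0$mode & 027 )) -ne 0 ]; then
            printf 'FINDING %s %s %s\n' "$user" "$mode" "$home"
            findings=$((findings + 1))
        else
            printf 'OK %s %s %s\n' "$user" "$mode" "$home"
        fi
    done < "$passwd_file"
    [ "$findings" -eq 0 ]
}
```

As the note in the check says, selecting on UID 1000 and above can miss interactive accounts that were assigned a privileged UID, so the result covers only the accounts the filter selects.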