All RHEL 9 interactive users must have a primary group that exists.

STIG ID: RHEL-09-411045 |  SRG: SRG-OS-000104-GPOS-00051 |  Severity: medium |  CCI:  | Vulnerability Id: V-258048

Vulnerability Discussion

If a user is assigned the Group Identifier (GID) of a group that does not exist on the system, and a group with the GID is subsequently created, the user may have unintended rights to any files associated with the group.

Fix

Configure the system so that all GIDs referenced in "/etc/passwd" are defined in "/etc/group".

Edit the file "/etc/passwd" and ensure that every user's GID is a valid GID.

Check

Verify that all RHEL 9 interactive users have a valid GID.

Check that the interactive users have a valid GID with the following command:

$ sudo pwck -qr

If the system has any interactive users with duplicate GIDs, this is a finding.
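
The cross-check between "/etc/passwd" and "/etc/group" described above can also be scripted to name each affected account directly. The following is an added example, not part of the STIG text; the function names, the sample accounts, and the definition of "interactive" (UID of 1000 or higher with a shell other than nologin/false) are assumptions.

```bash
#!/bin/sh
# Added example: list interactive accounts whose primary GID (passwd field 4)
# has no matching entry (field 3) in the group file.
# Assumption: "interactive" means UID >= uid_min (default 1000; compare with
# UID_MIN in /etc/login.defs) and a shell that is not nologin or false.

find_orphan_gids() {
    # $1 = passwd file, $2 = group file, $3 = optional minimum interactive UID
    awk -F: -v uid_min="${3:-1000}" '
        # Group file: remember every defined GID. Matching on FILENAME keeps
        # the logic correct even when the group file is empty.
        FILENAME == ARGV[1] { if ($3 != "") defined[$3] = 1; next }
        # Passwd file: skip system accounts and non-login shells.
        $3 + 0 < uid_min + 0     { next }
        $7 ~ /(nologin|false)$/  { next }
        # Report any remaining account whose primary GID is undefined.
        !($4 in defined) { printf "%s uid=%s gid=%s\n", $1, $3, $4 }
    ' "$2" "$1"
}

# Constructed sample data (not from a real system): carol's primary GID 1050
# is not defined in the group file; svc also has an undefined GID but is a
# system account and is therefore out of scope for this requirement.
demo_constructed() {
    _demo_dir=$(mktemp -d)
    printf '%s\n' \
        'root:x:0:' \
        'alice:x:1001:' \
        'staff:x:1002:alice' > "$_demo_dir/group"
    printf '%s\n' \
        'root:x:0:0:root:/root:/bin/bash' \
        'svc:x:980:975:service:/var/lib/svc:/sbin/nologin' \
        'alice:x:1001:1001::/home/alice:/bin/bash' \
        'bob:x:1002:1002::/home/bob:/bin/bash' \
        'carol:x:1003:1050::/home/carol:/bin/bash' > "$_demo_dir/passwd"
    find_orphan_gids "$_demo_dir/passwd" "$_demo_dir/group"
    rm -rf "$_demo_dir"
}

# On a live system (read-only; prints nothing when every GID is defined):
#   find_orphan_gids /etc/passwd /etc/group
```

Any line of output identifies an account whose primary group must be created in "/etc/group" or whose GID must be corrected in "/etc/passwd".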