All TOSS local interactive user home directories must be owned by the user's primary group.

Severity	Group ID	Group Title	Version	Rule ID	Date	STIG Version
medium	V-252971	SRG-OS-000480-GPOS-00230	TOSS-04-020320	SV-252971r991592_rule	2024-05-30	2

Description
Users' home directories/folders may contain information of a sensitive nature. Non-privileged users should coordinate any sharing of information with an SA through shared resources.

ℹ️ Check
Check that all user home directories are owned by the user's primary group with the following command: $ awk -F: '($3>=1000)&&($7 !~ /nologin/)&&("stat -c '%g' " $6 \| getline dir_group)&&(dir_group!=$4){print $1,$6}' /etc/passwd admin /home/admin Check each user's primary group with the following command (example command is for the "admin" user): $ sudo grep "^admin" /etc/group admin:x:250:smithj,jonesj,jacksons If the user home directory referenced in "/etc/passwd" is not group-owned by that user's primary GID, this is a finding.

ℹ️ Check

Check that all user home directories are owned by the user's primary group with the following command: $ awk -F: '($3>=1000)&&($7 !~ /nologin/)&&("stat -c '%g' " $6 | getline dir_group)&&(dir_group!=$4){print $1,$6}' /etc/passwd admin /home/admin Check each user's primary group with the following command (example command is for the "admin" user): $ sudo grep "^admin" /etc/group admin:x:250:smithj,jonesj,jacksons If the user home directory referenced in "/etc/passwd" is not group-owned by that user's primary GID, this is a finding.

✔️ Fix
Change the group owner of interactive user's home directories to that users primary group. To change the group owner of a local interactive user's home directory, use the following command: Note: The example will be for the user "smithj." $ sudo chgrp smithj /home/smithj