3.1.1.2 All user id's must be unique

Information

All users should have a unique UID. In particular the only user on the system to have a UID of 0 should be the root user.

Rationale:

The only user with a UID of 0 on the system must be the root user. Any account with a UID of 0 has super user privileges on the system and is effectively root. All access to the root account should be via su or sudo to provide an audit trail. All other users must also have a unique UID to ensure that file and directory security is not compromised.

Solution

Examine the user IDs of all configured users:

cut -d: -f 3 /etc/passwd |sort -n |uniq -d

If a number, or numbers are returned from the command above, these are UID values which are not unique within the /etc/passwd file. Determine the effected username/s:

cut -f '1 3' -d : /etc/passwd |grep ':<UID>$'

NOTE: Any user names returned should either be deleted or have the UID changed
To remove:

rmuser <username>

To change the UID:

chuser id=<id> <username>

Default Value:

N/A

See Also

https://workbench.cisecurity.org/files/3525

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-2, CSCv7|16.6

Plugin: Unix

Control ID: 012142fb00cf1527c130a65b9d8ed1367c2c36ed68d2d3caa75b1014614e46d5