3.1.1.3 All group id's must be unique

Information

All groups should have a unique GID on the system.

Rationale:

All groups should have an individual and unique GID. If GID numbers are shared this could lead to undesirable file and directory access.

Solution

Ensure that all group IDs are unique:

cut -d: -f 3 /etc/group |sort -n | uniq -d

If a number, or numbers are returned from the command above, these are GID which are not unique within the /etc/group file. Determine the effected group names:

cut -f '1 3' -d : /etc/group |grep ':<GID>$'

NOTE: Any group names returned should either be deleted or have the UID changed
To remove:

rmgroup <groupname>

To change the UID:

chgroup id=<id> <groupname>

Default Value:

N/A

See Also

https://workbench.cisecurity.org/files/3525

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-2, CSCv7|16.6

Plugin: Unix

Control ID: 37758d8604b291e988b20658812a2e3dd238e2ec927e9c647df9507ceb83513b