Information

Sometimes when administrators delete users from the password file they neglect to remove all files owned by those users from the system.
A new user who is assigned the deleted user's user ID or group ID may then end up 'owning' these files, and thus have more access on the system than was intended.

Solution

Locate files that are owned by users or groups not listed in the system configuration files, and reset the ownership of these files to some active user on the system as appropriate.
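
One way to run the locate step, as an added example that is not part of the benchmark text: it compares the numeric owner and group of each file against the passwd and group files and reports every ID that has no entry. The function names and the sample data are hypothetical, `scan_unowned` assumes GNU find for `-printf`, and only the local files are consulted, so accounts supplied by a directory service would be reported as missing.

```shell
#!/bin/sh
# find_orphans PASSWD GROUP: read "UID GID PATH" lines on stdin (the format of
#   find / -xdev -printf '%U %G %p\n'   with GNU find)
# and report every path whose numeric owner or group has no entry in the files.
# Paths containing newlines are not handled.
find_orphans() {
    awk -v pw="$1" -v gr="$2" '
        BEGIN {
            # Field 3 of both passwd and group is the numeric ID.
            while ((getline l < pw) > 0) { split(l, f, ":"); if (f[3] != "") uids[f[3]] = 1 }
            while ((getline l < gr) > 0) { split(l, f, ":"); if (f[3] != "") gids[f[3]] = 1 }
        }
        NF >= 3 {
            # Strip the two ID columns so paths with spaces survive intact.
            path = $0; sub(/^[0-9]+ [0-9]+ /, "", path)
            if (!($1 in uids)) print "nouser uid=" $1 " " path
            if (!($2 in gids)) print "nogroup gid=" $2 " " path
        }'
}

# Scan one local filesystem against the live account files (-xdev stays on it).
scan_unowned() {
    find "${1:-/}" -xdev -printf '%U %G %p\n' 2>/dev/null |
        find_orphans /etc/passwd /etc/group
}

# Constructed sample: uid 1001 / gid 1001 ("bob") was deleted, his files remain.
demo_orphans() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
                  'alice:x:1000:1000::/home/alice:/bin/bash' > "$tmp/passwd"
    printf '%s\n' 'root:x:0:' 'alice:x:1000:' 'staff:x:50:alice' > "$tmp/group"
    printf '%s\n' '0 0 /etc/hosts' \
                  '1000 50 /home/alice/notes.txt' \
                  '1001 1001 /home/bob/old report.doc' \
                  '1000 1001 /srv/share/plan.txt' |
        find_orphans "$tmp/passwd" "$tmp/group"
    rm -rf "$tmp"
}
```

Running `scan_unowned /` as root covers the root filesystem; repeat it for each additional local mount point, since `-xdev` does not cross filesystem boundaries.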
This Benchmark recommendation maps to:
Red Hat Enterprise Linux 7 Security Technical Implementation Guide:
Version 2, Release: 3 Benchmark Date: 26 Apr 2019
Vul ID: V-72007
Rule ID: SV-86631r3_rule
STIG ID: RHEL-07-020320
Severity: CAT II