Detections
Analytics

7.2.12 Ensure all files and directories in a local interactive user home directory are mode 0750 or more restrictive

Information

All local interactive user home directory files must have mode "0750" or less permissive.

Excessive permissions on local interactive user home directories may allow unauthorized access to user files by other users.

Solution

Set the mode on files and directories in the local interactive user home directory with the following command:

Note: The example will be for the user smithj, who has a home directory of "/home/smithj" and is a member of the users group.

# chmod 0750 /home/smithj/<file or directory>

See Also

https://workbench.cisecurity.org/benchmarks/19886

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CAT|II, CSCv7|14.6, Rule-ID|SV-244531r743842_rule, Vuln-ID|V-244531

Plugin: Unix

Control ID: 5aa18d421c73b2fb20edfa67cd92fdb44f06b3d842b1c178a0006a6ec59865f4