APPL-13-002068 - The macOS system must set permissions on user home directories to prevent users from having access to read or modify another user's files.

Information

Configuring the operating system to use the most restrictive permissions possible for user home directories helps to protect against inadvertent disclosures.

Satisfies: SRG-OS-000480-GPOS-00228, SRG-OS-000480-GPOS-00230

Solution

Configure the macOS system to set the appropriate permissions for each user on the system with the following command:

/usr/sbin/diskutil resetUserPermissions / DeviceNode UID

where 'DeviceNode UID' is the ID number for the user whose home directory permissions need to be repaired.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Apple_macOS_13_V1R5_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CAT|II, CCI|CCI-000366, Rule-ID|SV-257222r991590_rule, STIG-ID|APPL-13-002068, Vuln-ID|V-257222

Plugin: Unix

Control ID: 5f16f0da6e2d7ee8eb6dc209550a9b51551731a9aeecbfa3a4c66d63657e4bc7