GEN000320 - All accounts must be assigned unique User Identification Numbers (UIDs).

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Accounts sharing a UID have full access to each others' files. This has the same effect as sharing a login. There is no way to assure identification, authentication, and accountability because the system sees them as the same user. If the duplicate UID is 0, this gives potential intruders another privileged account to attack.

Solution

Edit user accounts to provide unique UIDs for each account.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_SOL_10_x86_V2R2_STIG.zip

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-4, CAT|II, CCI|CCI-000764, Rule-ID|SV-227570r603266_rule, STIG-ID|GEN000320, STIG-Legacy|SV-27065, STIG-Legacy|V-762, Vuln-ID|V-227570

Plugin: Unix

Control ID: 103d7252cf2af0f11f40b6c89105eeea60216f43e9c25ea0a65b49d8c8eb2486