Monterey - Secure User's Home Folders

Information

The system _MUST_ be configured to prevent access to other users' home folders.

By default, macOS allows all valid users access to the top level of every other user's home folder, restricting access only to the Apple default folders within.

Solution

[source,bash]
----
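# Split find output on newlines only, so paths containing spaces stay intact.
IFS=$'\n'
# Top-level home folders that "other" can traverse, excluding Shared and Guest.
for userDirs in $( /usr/bin/find /System/Volumes/Data/Users -mindepth 1 -maxdepth 1 -type d -perm -1 | /usr/bin/grep -v "Shared" | /usr/bin/grep -v "Guest" ); do
  # Remove all group and other permissions from the folder itself.
  /bin/chmod og-rwx "$userDirs"
done
unset IFS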
----
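
An audit counterpart to the remediation above, added here as an example and not taken from the audit file or the macos_security project: it lists home folders that still carry any group or other permission bit, which is broader than the `-perm -1` (other-execute) test the fix uses to select folders. The function names and the root-path parameter are assumptions of this example; on macOS the root would be /System/Volumes/Data/Users.

```shell
#!/bin/sh
# Added example (not from the audit file): report home folders that group or
# other can still read, write or traverse.
# list_open_homes and count_open_homes are hypothetical helper names.

# Print "mode path" for every non-compliant folder directly under $1.
list_open_homes() {
    find "$1" -mindepth 1 -maxdepth 1 -type d | while IFS= read -r dir; do
        name="${dir##*/}"
        # Same exclusions as the remediation's grep -v filters.
        case "$name" in
            *Shared*|*Guest*) continue ;;
        esac
        # First 10 characters of ls -ld, e.g. drwxr-xr-x. Cutting at 10
        # drops the @ / + / . suffix some systems append for xattrs or ACLs.
        mode="$(ls -ld "$dir" | cut -c1-10)"
        # Characters 5-10 are the group and other triplets; all six must be
        # "-" for the folder to be private to its owner.
        case "$mode" in
            ????------) ;;
            *) printf '%s %s\n' "$mode" "$dir" ;;
        esac
    done
}

# Number of non-compliant folders; 0 means the rule is satisfied.
count_open_homes() {
    list_open_homes "$1" | wc -l | tr -d ' '
}

# When a root path is given on the command line, report on it.
if [ -n "${1:-}" ]; then
    list_open_homes "$1"
    echo "non-compliant home folders: $(count_open_homes "$1")"
fi
```

A folder with mode 750 is reported here even though `-perm -1` would not select it for the fix, so a non-zero count after remediation points at group permissions that need a separate `chmod`.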

See Also

https://github.com/usnistgov/macos_security

Item Details

Category: ACCESS CONTROL, CONFIGURATION MANAGEMENT

References: 800-53|AC-6, 800-53|CM-6b., CCE|CCE-90931-7, CCI|CCI-000366

Plugin: Unix

Control ID: cae3b569cad902880f555423918ffa8c7283cbf05bc177b79a49f6e3c4867849