{"description": "Change the mode of interactive users' home directories to <tt>0750</tt>. To\nchange the mode of an interactive user's home directory, use the\nfollowing command:\n<pre>$ sudo chmod 0750 /home/<i>USER</i></pre>", "rationale": "Excessive permissions on local interactive user home directories may allow\nunauthorized access to user files by other users.", "severity": "medium", "references": {"srg": ["SRG-OS-000480-GPOS-00227"], "cis": ["7.2.9"]}, "control_references": {"cis": ["7.2.9"]}, "components": [], "identifiers": {}, "ocil_clause": "they are more permissive", "ocil": "To verify that the home directories of all interactive users\nhave a mode of <pre>0750</pre> or less permissive, run the following command:\n<pre>$ sudo ls -l /home</pre>\nInspect the output for any directories with incorrect permissions.", "oval_external_content": null, "fixtext": "Change the mode of interactive users\u2019 home directories to \"0750\". To change the mode of a local interactive user\u2019s home directory, use the following command:\n\nNote: The example will be for the user \"smithj\".\n\n$ sudo chmod 0750 /home/smithj", "checktext": "", "vuldiscussion": "", "srg_requirement": "All Ubuntu 22.04 local interactive user home directories must have mode 0750 or less permissive.", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {"stig": {"srg_requirement": "All Ubuntu 22.04 local interactive user home directories must have mode 0750 or less permissive.", "vuldiscussion": "Excessive permissions on local interactive user home directories may allow unauthorized access to user files by other users.", "checktext": "Verify the assigned home directory of all local interactive users has a mode of \"0750\" or less permissive with the following command:\n\nNote: This may miss interactive users that have been assigned a privileged user identifier (UID). Evidence of interactive use may be obtained from a number of log files containing system logon information.\n\n$ stat -L -c '%a %n' $(awk -F: '($3>=1000)&&($7 !~ /nologin/){print $6}' /etc/passwd) 2>/dev/null\n\n700 /home/bingwa\n\nIf home directories referenced in \"/etc/passwd\" do not have a mode of \"0750\" or less permissive, this is a finding.", "fixtext": "Change the mode of interactive users' home directories to \"0750\". To change the mode of a local interactive user's home directory, use the following command:\n\nNote: The example will be for the user \"wadea\".\n\n$ sudo chmod 0750 /home/wadea"}}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": [], "cpe_platform_names": [], "inherited_cpe_platform_names": [], "bash_conditional": null, "fixes": {}, "title": "All Interactive User Home Directories Must Have mode 0750 Or Less Permissive", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/accounts/accounts-session/file_permissions_home_directories/rule.yml", "template": null}