{"description": "Either remove all files and directories from the system that\ndo not have a valid user, or assign a valid user to all unowned\nfiles and directories. To assign a valid owner to a local\ninteractive user's files and directories, use the following command:\n<pre>$ sudo chown -R <i>USER</i> /home/<i>USER</i></pre>\n\nThis rule ensures every file or directory under the home directory related\nto an interactive user is owned by an interactive user.", "rationale": "If local interactive users do not own the files in their directories,\nunauthorized users may be able to access them. Additionally, if files are not\nowned by the user, this could be an indication of system compromise.", "severity": "medium", "references": {"srg": ["SRG-OS-000480-GPOS-00227"], "anssi": ["R50"]}, "control_references": {"anssi": ["R50"]}, "components": [], "identifiers": {}, "ocil_clause": "the user ownership is incorrect", "ocil": "To verify all files and directories in a local interactive user's\nhome directory have a valid owner, run the following command:\n<pre>$ sudo ls -lLR /home/<i>USER</i></pre>", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [{"general": "Due to OVAL limitation, this rule can report a false negative in a\nspecific situation where two interactive users swap the ownership of\nfolders or files in their respective home directories."}], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": "system_with_kernel", "platforms": ["system_with_kernel"], "sce_metadata": {}, "inherited_platforms": [], "cpe_platform_names": ["system_with_kernel"], "inherited_cpe_platform_names": [], "bash_conditional": null, "fixes": {}, "title": "All User Files and Directories In The Home Directory Must Have a Valid Owner", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_ownership/rule.yml", "template": null}