{"description": "If any files are not owned by a user, then the cause of their lack of ownership should be\ninvestigated. Following this, the files should be deleted or assigned to an appropriate user.\n\nLocate the mount points related to local devices by the following command:\n<pre>$ findmnt -n -l -k -it $(awk '/nodev/ { print $2 }' /proc/filesystems | paste -sd,)</pre>\n\nFor all mount points listed by the previous command, it is necessary to search for files which\ndo not belong to a valid user using the following command:\n<pre>$ sudo find <i>MOUNTPOINT</i> -xdev -nouser 2&gt;/dev/null</pre>", "rationale": "Unowned files do not directly imply a security problem, but they are generally a sign that\nsomething is amiss. They may be caused by an intruder, by incorrect software installation or\ndraft software removal, or by failure to remove all files belonging to a deleted account, or\nother similar cases. The files should be repaired so they will not cause problems when\naccounts are created in the future, and the cause should be discovered and addressed.", "severity": "medium", "references": {"cis-csc": ["11", "12", "13", "14", "15", "16", "18", "3", "5", "9"], "cobit5": ["APO01.06", "BAI10.01", "BAI10.02", "BAI10.03", "BAI10.05", "DSS05.02", "DSS05.04", "DSS05.05", "DSS05.07", "DSS06.02", "DSS06.03", "DSS06.06"], "isa-62443-2009": ["4.3.3.2.2", "4.3.3.5.1", "4.3.3.5.2", "4.3.3.5.3", "4.3.3.5.4", "4.3.3.5.5", "4.3.3.5.6", "4.3.3.5.7", "4.3.3.5.8", "4.3.3.6.1", "4.3.3.6.2", "4.3.3.6.3", "4.3.3.6.4", "4.3.3.6.5", "4.3.3.6.6", "4.3.3.6.7", "4.3.3.6.8", "4.3.3.6.9", "4.3.3.7.1", "4.3.3.7.2", "4.3.3.7.3", "4.3.3.7.4", "4.3.4.3.2", "4.3.4.3.3"], "isa-62443-2013": ["SR 1.1", "SR 1.10", "SR 1.11", "SR 1.12", "SR 1.13", "SR 1.2", "SR 1.3", "SR 1.4", "SR 1.5", "SR 1.6", "SR 1.7", "SR 1.8", "SR 1.9", "SR 2.1", "SR 2.2", "SR 2.3", "SR 2.4", "SR 2.5", "SR 2.6", "SR 2.7", "SR 5.2", "SR 7.6"], "iso27001-2013": ["A.10.1.1", "A.11.1.4", "A.11.1.5", "A.11.2.1", "A.12.1.2", 
"A.12.5.1", "A.12.6.2", "A.13.1.1", "A.13.1.3", "A.13.2.1", "A.13.2.3", "A.13.2.4", "A.14.1.2", "A.14.1.3", "A.14.2.2", "A.14.2.3", "A.14.2.4", "A.6.1.2", "A.7.1.1", "A.7.1.2", "A.7.3.1", "A.8.2.2", "A.8.2.3", "A.9.1.1", "A.9.1.2", "A.9.2.1", "A.9.2.3", "A.9.4.1", "A.9.4.4", "A.9.4.5"], "nist": ["CM-6(a)", "AC-6(1)"], "nist-csf": ["PR.AC-4", "PR.AC-6", "PR.DS-5", "PR.IP-1", "PR.PT-3"], "srg": ["SRG-OS-000480-GPOS-00227"], "anssi": ["R53"], "cis": ["7.1.12"], "pcidss4": ["2.2.6", "2.2"]}, "control_references": {"anssi": ["R53"], "cis": ["7.1.12"], "pcidss4": ["2.2.6", "2.2"]}, "components": [], "identifiers": {}, "ocil_clause": "files exist that are not owned by a valid user", "ocil": "The following command will locate the mount points related to local devices:\n<pre>$ findmnt -n -l -k -it $(awk '/nodev/ { print $2 }' /proc/filesystems | paste -sd,)</pre>\n\nThe following command will show files which do not belong to a valid user:\n<pre>$ sudo find <i>MOUNTPOINT</i> -xdev -nouser 2&gt;/dev/null</pre>\n\nReplace <i>MOUNTPOINT</i> by the mount points listed by the first command.\n\nNo files without a valid user should be located.", "oval_external_content": null, "fixtext": "Either remove all files and directories from the system that do not have a valid user, or assign a valid user to all unowned files and directories on Ubuntu 22.04 with the \"chown\" command:\n\n$ sudo chown [user] [file]", "checktext": "", "vuldiscussion": "", "srg_requirement": "All Ubuntu 22.04 local files and directories must have a valid owner.", "warnings": [{"functionality": "For this rule to evaluate centralized user accounts, <tt>getent</tt> must be working properly\nso that running the command <pre>getent passwd</pre> returns a list of all users in your organization.\nIf using the System Security Services Daemon (SSSD), <pre>enumerate = true</pre> must be configured\nin your organization's domain to return a complete list of users."}, {"general": "This rule can take a long time to perform 
the check and might consume a considerable\namount of resources depending on the number of files present on the system. It is not a\nproblem in most cases, but especially systems with a large number of files can be affected.\nSee <code>https://access.redhat.com/articles/6999111</code>."}], "conflicts": [], "requires": [], "policy_specific_content": {"stig": {"srg_requirement": "All Ubuntu 22.04 local files and directories must have a valid owner.", "vuldiscussion": "Unowned files and directories may be unintentionally inherited if a user is assigned the same user identifier \"UID\" as the UID of the unowned files.", "checktext": "Verify all local files and directories on Ubuntu 22.04 have a valid owner with the following command:\n\n$ df --local -P | awk {'if (NR!=1) print $6'} | sudo xargs -I '{}' find '{}' -xdev -nouser\n\nIf any files on the system do not have an assigned owner, this is a finding.", "fixtext": "Either remove all files and directories from the system that do not have a valid user, or assign a valid user to all unowned files and directories on Ubuntu 22.04 with the \"chown\" command:\n\n$ sudo chown &lt;user&gt; &lt;file&gt;"}}, "platform": "system_with_kernel", "platforms": ["system_with_kernel"], "sce_metadata": {"platform": ["multi_platform_fedora", "multi_platform_rhel", "multi_platform_ubuntu"], "check-import": "stdout", "environment": "any", "filename": "no_files_unowned_by_user.sh", "relative_path": "ubuntu2204/checks/sce/no_files_unowned_by_user.sh"}, "inherited_platforms": [], "cpe_platform_names": ["system_with_kernel"], "inherited_cpe_platform_names": [], "bash_conditional": null, "fixes": {}, "title": "Ensure All Files Are Owned by a User", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml", "template": null}