{"description": "Change the owner of interactive users' home directories to the correct\nowner. To change the owner of an interactive user's home directory, use\nthe following command:\n<pre>$ sudo chown <i>USER</i> /home/<i>USER</i></pre>\n\nThis rule ensures every home directory related to an interactive user is\nowned by an interactive user. It also ensures that interactive users are\nowners of one and only one home directory.", "rationale": "If a local interactive user does not own their home directory, unauthorized\nusers could access or modify the user's files, and the user may not be able to\naccess their own files.", "severity": "medium", "references": {"srg": ["SRG-OS-000480-GPOS-00227"], "cis": ["7.2.9"]}, "control_references": {"cis": ["7.2.9"]}, "components": [], "identifiers": {}, "ocil_clause": "the user ownership is incorrect", "ocil": "To verify the home directory ownership, run the following command:\n<pre># ls -ld $(awk -F: '($3&gt;=1000)&amp;&amp;($7 !~ /nologin/){print $6}' /etc/passwd)</pre>", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [{"general": "Due to an OVAL limitation, this rule can report a false negative in a\nspecific situation where two interactive users swap the ownership of\ntheir respective home directories."}], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": [], "cpe_platform_names": [], "inherited_cpe_platform_names": [], "bash_conditional": null, "fixes": {}, "title": "All Interactive User Home Directories Must Be Owned By The Primary User", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/accounts/accounts-session/file_ownership_home_directories/rule.yml", "template": null}