{"description": "If any files or directories are not owned by a user, then the cause of their lack of ownership should be\ninvestigated. Following this, the files should be deleted or assigned to an appropriate user.\n\nLocate the mount points related to local devices by the following command:\n<pre>$ findmnt -n -l -k -it $(awk '/nodev/ { print $2 }' /proc/filesystems | paste -sd,)</pre>\n\nFor all mount points listed by the previous command, it is necessary to search for files and directories which\ndo not belong to a valid user using the following command:\n<pre>$ sudo find <i>MOUNTPOINT</i> -xdev -nouser 2&gt;/dev/null</pre>", "rationale": "Unowned files and directories do not directly imply a security problem, but they are generally a sign that\nsomething is amiss. They may be caused by an intruder, by incorrect software installation or\ndraft software removal, or by failure to remove all files belonging to a deleted account, or\nother similar cases. The files and directories should be repaired so they will not cause problems when\naccounts are created in the future, and the cause should be discovered and addressed.", "severity": "medium", "references": {}, "control_references": {}, "components": [], "identifiers": {}, "ocil_clause": "files exist that are not owned by a valid user", "ocil": "The following command will locate the mount points related to local devices:\n<pre>$ findmnt -n -l -k -it $(awk '/nodev/ { print $2 }' /proc/filesystems | paste -sd,)</pre>\n\nThe following command will show files and directories which do not belong to a valid user:\n<pre>$ sudo find <i>MOUNTPOINT</i> -xdev -nouser 2&gt;/dev/null</pre>\n\nReplace <i>MOUNTPOINT</i> by the mount points listed by the first command.\n\nNo files and directories without a valid user should be located.", "oval_external_content": null, "fixtext": "Either remove all files and directories from the system that do not have a valid user, or assign a valid user to all unowned files and directories on 
Ubuntu 22.04 with the \"chown\" command:\n\n$ sudo chown [user] [file]", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [{"functionality": "For this rule to evaluate centralized user accounts, <tt>getent</tt> must be working properly\nso that running the command <pre>getent passwd</pre> returns a list of all users in your organization.\nIf using the System Security Services Daemon (SSSD), <pre>enumerate = true</pre> must be configured\nin your organization's domain to return a complete list of users"}, {"general": "This rule can take a long time to perform the check and might consume a considerable\namount of resources depending on the number of files present on the system. It is not a\nproblem in most cases, but especially systems with a large number of files can be affected.\nSee <code>https://access.redhat.com/articles/6999111</code>."}], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": "system_with_kernel", "platforms": ["system_with_kernel"], "sce_metadata": {"platform": ["multi_platform_fedora", "multi_platform_rhel", "multi_platform_ubuntu"], "check-import": "stdout", "environment": "any", "filename": "no_files_or_dirs_unowned_by_user.sh", "relative_path": "ubuntu2204/checks/sce/no_files_or_dirs_unowned_by_user.sh"}, "inherited_platforms": [], "cpe_platform_names": ["system_with_kernel"], "inherited_cpe_platform_names": [], "bash_conditional": null, "fixes": {}, "title": "Ensure All Files And Directories Are Owned by a User", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/permissions/files/no_files_or_dirs_unowned_by_user/rule.yml", "template": null}