mediumfilesystemverified ✓
Audit files without valid owner
no-unowned-files · RHEL ≥ 8 · 1 impl
Description
Files without a valid owner (user) may indicate deleted user accounts or improperly installed software and should be investigated.
Rationale
Unowned files could have been left behind by deleted users and may contain sensitive data or be exploitable. They should be assigned to an appropriate owner or removed.
Check → Remediate
Checkcommand
df --local -P 2>/dev/null | awk 'NR!=1{print $6}' | xargs -I{} find {} -xdev -nouser 2>/dev/null | head -1 | grep -q . && exit 1 || exit 0- expected_exit:
- 0
Remediatemanual
- note:
- Review files without valid owners and assign appropriate ownership: find / -xdev -nouser For each file, either assign to an appropriate user: chown <user> <file> Or remove if no longer needed.
Framework references
CIS
rhel8 7.1.12rhel9 7.1.12rhel10 7.1.12
STIG
V-281075 / RHEL-10-400290V-257931 / RHEL-09-232255V-230326 / RHEL-08-010780
NIST 800-53
CM-8
Live verification
rhel10:checkrhel8:checkrhel9:check
#permissions#ownership#audit#security