← Rules Catalog
mediumfilesystemverified

Audit files without valid owner

no-unowned-files · RHEL ≥ 8 · 1 impl

Description

Files without a valid owner (user) may indicate deleted user accounts or improperly installed software and should be investigated.

Rationale

Unowned files could have been left behind by deleted users and may contain sensitive data or be exploitable. They should be assigned to an appropriate owner or removed.

Check → Remediate

Checkcommand
df --local -P 2>/dev/null | awk 'NR!=1{print $6}' | xargs -I{} find {} -xdev -nouser 2>/dev/null | head -1 | grep -q . && exit 1 || exit 0
expected_exit:
0
Remediatemanual
note:
Review files without valid owners and assign appropriate ownership: find / -xdev -nouser For each file, either assign to an appropriate user: chown <user> <file> Or remove if no longer needed.

Framework references

CIS

rhel8 7.1.12rhel9 7.1.12rhel10 7.1.12

STIG

V-281075 / RHEL-10-400290V-257931 / RHEL-09-232255V-230326 / RHEL-08-010780

NIST 800-53

CM-8

Live verification

rhel10:checkrhel8:checkrhel9:check
#permissions#ownership#audit#security