mediumaccess-controlverified ✓
Ensure all groups in /etc/passwd exist in /etc/group
passwd-groups-exist · RHEL ≥ 8 · 1 impl
Description
All groups referenced in /etc/passwd must exist in /etc/group.
Rationale
Orphaned group references can cause unexpected file access permissions.
Check → Remediate
Checkcommand
bad=""
for gid in $(awk -F: '{print $4}' /etc/passwd | sort -u); do
getent group "$gid" >/dev/null 2>&1 || bad="$bad $gid"
done
if [ -n "$bad" ]; then echo "FAIL: GIDs with no group:$bad"; exit 1; fi
echo "OK: all passwd primary GIDs resolve to a group"; exit 0
- expected_exit:
- 0
Remediatemanual
- note:
- Create missing groups or update user primary group assignments
Framework references
CIS
rhel9 7.2.3rhel8 7.2.3rhel10 7.2.3
NIST 800-53
AC-2IA-2
Live verification
rhel10:checkrhel8:checkrhel9:check
#passwd#groups#integrity