highaccess-controlverified ✓
Ensure root is the only UID 0 account
root-only-uid0 · RHEL ≥ 8 · 1 impl
Description
Root must be the only account with UID 0.
Rationale
Multiple UID 0 accounts make it impossible to attribute root actions to a specific user.
Check → Remediate
Checkcommand
awk -F: '($3 == 0 && $1 != "root") {found=1} END {exit found ? 1 : 0}' /etc/passwd- expected_exit:
- 0
Remediatemanual
- note:
- Remove or reassign UID for any non-root accounts with UID 0
Framework references
CIS
rhel9 5.4.2.1rhel8 5.4.2.1rhel10 5.4.2.1
STIG
V-281192 / RHEL-10-600400V-258059 / RHEL-09-411100V-230534
NIST 800-53
AC-6IA-2
Live verification
rhel10:checkrhel8:checkrhel9:check
#root#uid#account