mediumfilesystemverified ✓rollback-safe
Ensure world-writable directories are owned by root or system accounts
world-writable-dirs-ownership · RHEL ≥ 8 · 1 impl
Description
All world-writable directories must be owned by root, sys, bin, or an application user to prevent unauthorized file creation and manipulation.
Rationale
World-writable directories owned by non-system users can be exploited for privilege escalation or denial-of-service attacks.
Check → Remediate
Checkcommand
# Find world-writable directories owned by non-system users (UID > 999) result=$(find / -xdev -type d -perm -0002 -uid +999 -print 2>/dev/null || true) if [ -n "$result" ]; then echo "FAIL: World-writable directories owned by non-system users:" echo "$result" exit 1 fi echo "OK: All world-writable directories are owned by system accounts" exit 0
- expected_exit:
- 0
Remediatefile_permissions
- find_paths:
- /
- find_type:
- d
- find_args:
- -xdev -perm -0002 -uid +999
- owner:
- root
Framework references
STIG
V-281045 / RHEL-10-400140V-257928 / RHEL-09-232240V-230318
NIST 800-53
CM-6AC-6
Live verification
rhel8:check
#filesystem#permissions#world-writable#ownership