← Rules Catalog
mediumfilesystemverified rollback-safe

Ensure world-writable directories are owned by root or system accounts

world-writable-dirs-ownership · RHEL ≥ 8 · 1 impl

Description

All world-writable directories must be owned by root, sys, bin, or an application user to prevent unauthorized file creation and manipulation.

Rationale

World-writable directories owned by non-system users can be exploited for privilege escalation or denial-of-service attacks.

Check → Remediate

Checkcommand
# Find world-writable directories owned by non-system users (UID > 999)
result=$(find / -xdev -type d -perm -0002 -uid +999 -print 2>/dev/null || true)
if [ -n "$result" ]; then
  echo "FAIL: World-writable directories owned by non-system users:"
  echo "$result"
  exit 1
fi
echo "OK: All world-writable directories are owned by system accounts"
exit 0
expected_exit:
0
Remediatefile_permissions
find_paths:
/
find_type:
d
find_args:
-xdev -perm -0002 -uid +999
owner:
root

Framework references

STIG

V-281045 / RHEL-10-400140V-257928 / RHEL-09-232240V-230318

NIST 800-53

CM-6AC-6

Live verification

rhel8:check
#filesystem#permissions#world-writable#ownership