passwd_duplicate_home

This built-in function ensures that each non-system user (whose UID is greater than 100) in /etc/passwd has a unique home directory.

Each username in /etc/passwd must have a unique home directory. If users share the same home directory, then one can force the other to execute arbitrary commands by modifying the startup files (.profile, etc.) or by putting rogue binaries in the home directory itself. In addition, a shared home directory defeats user accountability.

Compliance requirements mandate that each user have a unique home directory.

Usage

<item>

name: "passwd_duplicate_home"

description: "(arbitrary user comment)"

</item>

Copyright © 2017. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.