Details
While the system administrator can establish secure permissions for users’ ‘dot’ files, the users can easily override these. Group or world-writable user configuration files may enable malicious users to steal or modify other users’ data or to gain another user’s system privileges.
Solution
Making global modifications to users’ files without alerting the user community can result in unexpected outages and unhappy users. Therefore, it is recommended that a monitoring policy be established to report user dot file permissions and determine the action to be taken in accordance with site policy.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Unix.