5.4.3 Ensure default group for the root account is GID 0 (Scored)

Level 1 - Server
Level 1 - Workstation 

The usermod command can be used to specify which group the root user belongs to. This affects permissions of files that are created by the root user.

Using GID 0 for the root account helps prevent root-owned files from accidentally becoming accessible to non-privileged users.

Run the following command and verify the result is 0:

# grep "^root:" /etc/passwd | cut -f4 -d: 
0 

Run the following command to set the root user default group to GID 0:

# usermod -g 0 root
  • centos7/5/4/3.txt
  • Last modified: 2017/05/04 19:43
  • by Piotr K┼éoczewski