======6.2.16 Ensure no duplicate UIDs exist (Scored)======

=====Profile Applicability=====

<code>
Level 1 - Server
Level 1 - Workstation
</code>

=====Description=====

Although the ''useradd'' program will not let you create a duplicate User ID (UID), it is possible for an administrator to manually edit the ''/etc/passwd'' file and change the UID field.

=====Rationale=====

Users must be assigned unique UIDs for accountability and to ensure appropriate access protections.

=====Audit=====

Run the following script and verify no results are returned:

<Code:bash>
#!/bin/bash

# Count how many times each UID appears in /etc/passwd
cut -f3 -d":" /etc/passwd | sort -n | uniq -c | while read -r x ; do
    [ -z "${x}" ] && break
    # Split "count uid" into $1 (count) and $2 (uid)
    set - $x
    if [ "$1" -gt 1 ]; then
        # List every account name that uses the duplicated UID
        users=$(awk -F: '($3 == n) { print $1 }' n="$2" /etc/passwd | xargs)
        echo "Duplicate UID ($2): ${users}"
    fi
done
</Code>

=====Remediation=====

Based on the results of the audit script, establish unique UIDs and review all files owned by the shared UIDs to determine which UID they are supposed to belong to.

Last modified: 2017/05/04 20:06
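The audit and the remediation review above as reusable functions (an added example, not part of the benchmark text). It strips leading zeros before comparing, so ''01002'' and ''1002'' count as the same UID; ''sample_passwd'', ''dup_uids'' and ''files_owned_by'' are hypothetical names and the account lines are constructed.

```shell
#!/bin/bash
# Added example, not part of the benchmark text.
# sample_passwd: constructed passwd-format lines (not real accounts).
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1001:1001::/home/alice:/bin/bash
bob:x:1001:1002::/home/bob:/bin/bash
carol:x:1002:1003::/home/carol:/bin/bash
svc:x:01002:1004::/var/lib/svc:/sbin/nologin
EOF
}

# dup_uids [FILE]: print "Duplicate UID (N): names" for every UID shared by
# more than one account. FILE defaults to /etc/passwd; "-" reads stdin.
dup_uids() {
    awk -F: '
        $3 ~ /^[0-9]+$/ {                  # skip malformed or comment lines
            uid = $3; sub(/^0+/, "", uid)  # 01002 and 1002 are the same UID
            if (uid == "") uid = "0"
            names[uid] = (uid in names) ? names[uid] " " $1 : $1
            count[uid]++
        }
        END { for (u in count) if (count[u] > 1) print u, names[u] }
    ' "${1:-/etc/passwd}" | sort -n | while read -r uid users; do
        echo "Duplicate UID (${uid}): ${users}"
    done
}

# files_owned_by UID [ROOT]: list paths under ROOT (default /) owned by the
# numeric UID, staying on one filesystem. Input for the remediation review.
files_owned_by() {
    find "${2:-/}" -xdev -uid "$1" -print 2>/dev/null
}

# Demo on the constructed sample only; the real system is not touched.
sample_passwd | dup_uids -
```

On a live system, run ''dup_uids'' with no argument, then ''files_owned_by'' with each reported UID to get the file list the remediation step asks you to review.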