6.2.18 Ensure no duplicate user names exist (Scored)

Level 1 - Server
Level 1 - Workstation

Although the useradd program will not let you create a duplicate user name, it is possible for an administrator to manually edit the /etc/passwd file and change the user name.

If a user is assigned a duplicate user name, that user will create, and have access to, files using the first UID listed for that user name in /etc/passwd. For example, if “test4” has a UID of 1000 and a subsequent “test4” entry has a UID of 2000, logging in as “test4” will use UID 1000. Effectively, the UID is shared, which is a security problem.

Run the following script and verify no results are returned:

cat /etc/passwd | cut -f1 -d":" | sort -n | uniq -c | while read x ; do
  [ -z "${x}" ] && break
  # $x is "<count> <username>" from uniq -c; split it into $1 and $2
  set - $x
  if [ $1 -gt 1 ]; then
    # list every UID that the duplicated user name maps to
    uids=`awk -F: '($1 == n) { print $3 }' n=$2 /etc/passwd | xargs`
    echo "Duplicate User Name ($2): ${uids}"
  fi
done

Based on the results of the audit script, establish unique user names for the users. File ownerships will automatically reflect the change as long as the users have unique UIDs.
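
The same audit as a reusable function, added here as an example rather than taken from the benchmark text: it takes a passwd-format file as its argument so it can be run against a constructed sample (shown below, with the page's duplicated “test4”) or against /etc/passwd, and a wrapper returns a non-zero exit status when any duplicate exists. The function and variable names are this example's own.

```shell
#!/bin/sh
# Added example, not part of the CIS benchmark text: report duplicate user
# names in a passwd-format file together with every UID each name maps to.
# The file is passed as $1 so the check can run on a sample or on /etc/passwd.
find_dup_usernames() {
  awk -F: '
    # Skip blank lines and comments; collect UIDs per user name in first-seen order.
    !/^[[:space:]]*(#|$)/ {
      count[$1]++
      uids[$1] = (count[$1] == 1) ? $3 : uids[$1] " " $3
      if (count[$1] == 1) order[++n] = $1
    }
    END {
      for (i = 1; i <= n; i++) {
        name = order[i]
        if (count[name] > 1)
          printf "Duplicate User Name (%s): %s\n", name, uids[name]
      }
    }' "$1"
}

# Audit wrapper: succeeds only when no duplicate user names are found,
# so it can gate a hardening pipeline the way a scored check would.
audit_unique_usernames() {
  [ -z "$(find_dup_usernames "$1")" ]
}

# Constructed sample passwd file: "test4" appears twice (UID 1000 and 2000),
# matching the page's example; a login as test4 would resolve to UID 1000.
SAMPLE_PASSWD=$(mktemp)
cat > "$SAMPLE_PASSWD" <<'EOF'
root:x:0:0:root:/root:/bin/bash
test4:x:1000:1000::/home/test4:/bin/bash
alice:x:1001:1001::/home/alice:/bin/bash
test4:x:2000:2000::/home/test4b:/bin/bash
EOF

find_dup_usernames "$SAMPLE_PASSWD"
# prints: Duplicate User Name (test4): 1000 2000
```

After the remediation (renaming one of the two entries so every user name is unique), the same function prints nothing and the wrapper exits 0.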

  • centos7/6/2/18.txt
  • Last modified: 2017/05/04 20:07
  • by Piotr Kłoczewski