Update accounts_users_home_files_ownership Remedations

Make sure that script doesn't run on users that don't have proper home folder defined. This commit makes the script skip home folders defined as "/".
ComplianceAsCode · Oct 3, 2024 · 7c6304c · 7c6304c
1 parent 35e526d
commit 7c6304c
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 1 deletion.
diff --git a/...e/system/accounts/accounts-session/accounts_users_home_files_ownership/ansible/shared.yml b/...e/system/accounts/accounts-session/accounts_users_home_files_ownership/ansible/shared.yml
@@ -24,6 +24,7 @@
   when:
     - item.value[1]|int >= {{{ uid_min }}}
     - item.value[1]|int != {{{ nobody_uid }}}
+    - item.value[4] != "/"
 
 - name: Ensure interactive local users are the owners of their respective home directories
   ansible.builtin.file:

diff --git a/...guide/system/accounts/accounts-session/accounts_users_home_files_ownership/bash/shared.sh b/...guide/system/accounts/accounts-session/accounts_users_home_files_ownership/bash/shared.sh
@@ -4,7 +4,7 @@
 # complexity = low
 # disruption = low
 
-for user in $(awk -F':' '{ if ($3 >= {{{ uid_min }}} && $3 != {{{ nobody_uid }}}) print $1 }' /etc/passwd); do
+for user in $(awk -F':' '{ if ($3 >= {{{ uid_min }}} && $3 != {{{ nobody_uid }}} && $6 != "/") print $1 }' /etc/passwd); do
     home_dir=$(getent passwd $user | cut -d: -f6)
     # Only update the ownership when necessary. This will avoid changing the inode timestamp
     # when the owner is already defined as expected, therefore not impacting in possible integrity