The root user's home directory must not be the root directory (/).

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-774	GEN000900	SV-774r2_rule	ECCD-1 ECCD-2	Low

Description
Changing the root home directory to something other than / and assigning it a 0700 protection makes it more difficult for intruders to manipulate the system by reading the files that root places in its default directory. It also gives root the same discretionary access control for root's home directory as for the other plain user home directories.

STIG	Date
Solaris 10 SPARC Security Technical Implementation Guide	2020-02-26

Details

Check Text ( C-28062r1_chk )
Determine if root is assigned a home directory other than / by listing its home directory. Procedure: # grep "^root" /etc/passwd \| awk -F":" '{print $6}' If the root user home directory is /, this is a finding.

Fix Text (F-928r2_fix)
The root home directory should be something other than / (such as /rootdir). Procedure: # mkdir /rootdir # chown root /rootdir # chgrp root /rootdir # chmod 700 /rootdir # cp -r /.??* /rootdir Edit the passwd file and change the root home directory to /rootdir. The cp -r /.??* command copies all files and subdirectories of file names beginning with "." into the new root directory, which preserves the previous root environment. The cp command must be executed from the / directory.

Fix Text (F-928r2_fix)

The root home directory should be something other than / (such as /rootdir).

Procedure:
# mkdir /rootdir
# chown root /rootdir
# chgrp root /rootdir
# chmod 700 /rootdir
# cp -r /.??* /rootdir

Edit the passwd file and change the root home directory to /rootdir. The cp -r /.??* command copies all files and subdirectories of file names beginning with "." into the new root directory, which preserves the previous root environment. The cp command must be executed from the / directory.