All TOSS 5 interactive users must have a primary group that exists.

Overview

Finding IDVersionRule IDIA ControlsSeverity
V-282490TOSS-05-000298SV-282490r1200450_ruleCCI-000764medium
Description
If a user is assigned the Group Identifier (GID) of a group that does not exist on the system, and a group with the GID is subsequently created, the user may have unintended rights to any files associated with the group.
STIGDate
Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide2026-04-01

Details

Check Text (C-282490r1200450_chk)

Verify all TOSS 5 interactive users have a valid GID using the following command: $ sudo pwck -qr If the system has any interactive users with duplicate GIDs, this is a finding.

Fix Text (F-86956r1200449_fix)

Configure the system so all GIDs referenced in "/etc/passwd" are defined in "/etc/group". Edit the file "/etc/passwd" and ensure every user's GID is a valid GID.