Setgid login shells (UNIX)

Module: Account Integrity

This check reports user accounts with login shells that have setgid privileges. Use the check's name list to exclude users that are not already excluded by the Users to check option.

The following table lists the error message for the check.

Table: Error message for Setgid login shells

Message String ID and Category
    Category: ESM Administrative Information

Platform and Message Numeric ID
    UNIX (5137)

Message Title and Description
    Title: Setgid shell
    Description: The shells for the listed accounts are setgid. Account users have full access to the files owned by this GID while they are logged in. They can setgid to a privileged group such as bin or root to gain nearly unlimited access to the system. Use the chmod command to remove setgid from these shells.

Additional Information
    Severity: red-4
    Correctable: false
    Snapshot Updatable: false
    Template Updatable: false
    Information Field Format: [%s]
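One way to reproduce this finding by hand, as an added example that is not part of ESM or of the original page: the hypothetical functions `setgid_shell_accounts` and `setgid_shell_fixes` read a passwd-format file, skip the users passed as an exclusion list, and report login shells that have the setgid bit set, along with the chmod command that clears it.

```shell
#!/bin/sh
# Added example (not ESM code). Function names are hypothetical.
#
# setgid_shell_accounts PASSWD_FILE [EXCLUDED_USER ...]
#   Prints one "user:shell" line for every account whose login shell
#   is a regular file with the setgid bit set.
setgid_shell_accounts() {
    passwd_file=$1
    shift
    excluded=" $* "      # space-delimited list of users to skip
    while IFS=: read -r user _pw _uid _gid _gecos _home shell; do
        # Skip blank lines and comment lines.
        case $user in ''|'#'*) continue ;; esac
        # Skip users on the exclusion list.
        case $excluded in *" $user "*) continue ;; esac
        # An empty shell field means the system default shell; nothing to test.
        [ -n "$shell" ] || continue
        # -f: regular file (symlinks are followed); -g: setgid bit is set.
        if [ -f "$shell" ] && [ -g "$shell" ]; then
            printf '%s:%s\n' "$user" "$shell"
        fi
    done < "$passwd_file"
}

# setgid_shell_fixes PASSWD_FILE [EXCLUDED_USER ...]
#   Prints, once per distinct shell, the chmod command that removes the
#   setgid bit. The commands are printed for review, not executed.
setgid_shell_fixes() {
    setgid_shell_accounts "$@" | cut -d: -f2- | sort -u |
    while IFS= read -r shell; do
        printf "chmod g-s '%s'\n" "$shell"
    done
}

# Typical use on a live system (run manually):
#   setgid_shell_accounts /etc/passwd
#   setgid_shell_fixes /etc/passwd
```

Review each reported shell before applying the printed command, since several accounts may share the same shell binary.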