Setuid login shells (UNIX)

Module: Account Integrity

This check reports user accounts with login shells that have setuid privileges. Use the check's name list to exclude users that are not already excluded by the Users to check option.

The following table lists the error message for the check.

Table: Error message for Setuid login shells

Message String ID and Category

Platform and Message Numeric ID

Message Title and Description

Additional Information


Category: ESM Administrative Information

UNIX (5136)

Title: Setuid shell

Description:The shells for the listed accounts are setuid. Account users have full access to the files owned by this UID while they are logged in. Users can also setuid to a privileged account such as bin or root and get unlimited access to the system. Use the chmod command to remove setuid from these shells.

Severity: red-4

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]