Setuid login shells (UNIX)

Module: Account Integrity

This check reports user accounts with login shells that have setuid privileges. Use the check's name list to exclude users that are not already excluded by the Users to check option.

The following table lists the error message for the check.

Table: Error message for Setuid login shells

Message String ID and Category	Platform and Message Numeric ID	Message Title and Description	Additional Information
String ID: STKU_SETUIDSHELL Category: ESM Administrative Information	UNIX (5136)	Title: Setuid shell Description:The shells for the listed accounts are setuid. Account users have full access to the files owned by this UID while they are logged in. Users can also setuid to a privileged account such as bin or root and get unlimited access to the system. Use the chmod command to remove setuid from these shells.	Severity: red-4 Correctable: false Snapshot Updatable: false Template Updatable: false Information Field Format: [%s]

Message String ID and Category

Platform and Message Numeric ID

Message Title and Description

Additional Information

String ID: STKU_SETUIDSHELL

Category: ESM Administrative Information

UNIX (5136)

Title: Setuid shell

Description:The shells for the listed accounts are setuid. Account users have full access to the files owned by this UID while they are logged in. Users can also setuid to a privileged account such as bin or root and get unlimited access to the system. Use the chmod command to remove setuid from these shells.

Severity: red-4

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]