Profile Applicability:
 Level 1


Description:
 Each user account in /etc/passwd references a primary group ID (GID). It is important that every GID referenced corresponds to an existing group in /etc/group. Missing group entries can cause permission and access issues.


Rationale:
 Ensuring all groups in /etc/passwd exist in /etc/group prevents permission inconsistencies and potential security issues due to orphaned group references.


Impact:

 Pros:

  • Maintains consistency in user-group mappings.

  • Prevents access control errors and permission issues.

 Cons:

  • Creating missing groups may require coordination with system policies.

Default Value:
 Some systems may have inconsistencies due to manual configuration or migration.


Pre-requisites:

  • Root or sudo privileges to audit and modify group and user configurations.

Remediation:

Test Plan:

Using Linux command line:

  1. List all unique GIDs referenced in /etc/passwd:

    awk -F: '{print $4}' /etc/passwd | sort -u
  2. List all GIDs in /etc/group:

    awk -F: '{print $3}' /etc/group | sort -u
  3. Identify GIDs in /etc/passwd not found in /etc/group (the <( ... ) process substitution requires bash, and comm expects both inputs sorted, which sort -u provides):

    comm -23 <(awk -F: '{print $4}' /etc/passwd | sort -u) <(awk -F: '{print $3}' /etc/group | sort -u)
  4. Verify that this list is empty.

Implementation Plan:

Using Linux command line:

  1. For each missing GID, create a corresponding group:

    groupadd -g <missing_gid> <group_name>
  2. Confirm group creation and update any affected configurations.
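The following script is an added example, not part of this benchmark text or any vendor tooling. It performs the Test Plan above (steps 1 to 4) as a single awk join instead of comm with process substitution, so it runs under plain POSIX sh, and it generates the groupadd lines from the Implementation Plan for review rather than executing them. The function names, the orphan_<gid> placeholder group name and the sample passwd/group contents are this example's own constructions.

```shell
#!/bin/sh
# Added example: audit primary GIDs in a passwd-format file against a
# group-format file, and emit (but do not run) the groupadd commands that
# would close the gaps. Function names and the orphan_<gid> naming scheme
# are choices made for this example only.

# Print each primary GID from $1 (passwd format) that has no entry in $2
# (group format): one per line, de-duplicated, numerically sorted. Done as
# an awk join so no bash-only process substitution is needed.
orphaned_gids() {
    awk -F: '
        NR == FNR { known[$3] = 1; next }          # first file (group): field 3 is the GID
        !($4 in known) && !seen[$4]++ { print $4 } # second file (passwd): field 4 is the primary GID
    ' "$2" "$1" | sort -n
}

# Step 4, "verify that this list is empty": status 0 when no orphaned GIDs
# exist, 1 otherwise, so it can drive a compliance check or CI job.
audit_primary_gids() {
    [ -z "$(orphaned_gids "$1" "$2")" ]
}

# One groupadd line per orphaned GID, for an operator to review. The name
# orphan_<gid> is a placeholder; substitute the name your policy requires
# before running any of these lines.
remediation_commands() {
    orphaned_gids "$1" "$2" | while read -r gid; do
        printf 'groupadd -g %s orphan_%s\n' "$gid" "$gid"
    done
}

# Stand-alone demonstration on constructed sample files (not a real
# system's data). Against a live system, call:
#   orphaned_gids /etc/passwd /etc/group
demo() {
    dir=$(mktemp -d)
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/sh
bob:x:1001:1005:Bob:/home/bob:/bin/sh
svc:x:1002:1005:Service:/var/lib/svc:/usr/sbin/nologin
EOF
    cat > "$dir/group" <<'EOF'
root:x:0:
daemon:x:1:
alice:x:1000:
EOF
    if audit_primary_gids "$dir/passwd" "$dir/group"; then
        echo "PASS: every primary GID in passwd exists in group"
    else
        echo "FAIL: orphaned primary GIDs:"
        orphaned_gids "$dir/passwd" "$dir/group"
        echo "Proposed remediation (review before running):"
        remediation_commands "$dir/passwd" "$dir/group"
    fi
    rm -rf "$dir"
}

demo
```

In the sample data both bob and svc reference GID 1005, which has no group entry, so the audit reports a single orphaned GID and proposes one groupadd line; once that group exists the same check passes. Running the functions against /etc/passwd and /etc/group needs only read access, while the generated groupadd lines, when you choose to run them, need root or sudo as stated in the pre-requisites.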

Backout Plan:

Using Linux command line:

  1. Remove incorrectly created groups if needed:

    groupdel <group_name>
  2. Reassess system configurations.

References: