
5.4.2.2 Ensure root is the only GID 0 account

Audit

Run the following command to verify that the root user's primary GID is 0 and that no other users have GID 0 as their primary GID:

# awk -F: '($1 !~ /^(sync|shutdown|halt|operator)/ && $4=="0") {print $1":"$4}' /etc/passwd
root:0
Note: The users sync, shutdown, halt, and operator are excluded from the check for other users with GID 0.

Remediation

Run the following command to set the root user's GID to 0:

# usermod -g 0 root

Run the following command to set the root group's GID to 0:

# groupmod -g 0 root
Remove any users other than the root user with GID 0 or assign them a new GID if appropriate.
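
To confirm the remediation in one pass, the shell function below (an added example, not part of the benchmark text) repeats the audit and also checks the root group's GID. The name `audit_gid0`, its file-path arguments and the sample entries are assumptions made for this example; unlike the audit command above, it matches the excluded names exactly rather than by prefix.

```shell
#!/bin/sh
# audit_gid0 [PASSWD_FILE] [GROUP_FILE]  (hypothetical helper, not from the benchmark)
# Prints findings; returns 0 when compliant, 1 otherwise.
audit_gid0() {
    passwd_file=${1:-/etc/passwd}
    group_file=${2:-/etc/group}
    rc=0

    # root's primary GID is field 4 of its passwd entry and must be 0.
    root_gid=$(awk -F: '$1 == "root" {print $4; exit}' "$passwd_file")
    if [ "$root_gid" != "0" ]; then
        echo "FAIL: root primary GID is '${root_gid:-missing}', expected 0"
        rc=1
    fi

    # The root group's GID is field 3 of its group entry and must be 0.
    root_group_gid=$(awk -F: '$1 == "root" {print $3; exit}' "$group_file")
    if [ "$root_group_gid" != "0" ]; then
        echo "FAIL: group root has GID '${root_group_gid:-missing}', expected 0"
        rc=1
    fi

    # Report every other account whose primary GID is 0. The four excluded
    # names are matched exactly, so an account such as "operator2" is reported.
    others=$(awk -F: '
        $1 !~ /^(root|sync|shutdown|halt|operator)$/ && $4 == "0" {print $1}
    ' "$passwd_file")
    for u in $others; do
        echo "FAIL: account '$u' has primary GID 0"
        rc=1
    done

    if [ "$rc" -eq 0 ]; then
        echo "PASS: root is the only GID 0 account"
    fi
    return "$rc"
}

# Constructed sample entries (not real system data), audited from a temp copy.
demo_dir=$(mktemp -d)
printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
    'sync:x:5:0:sync:/sbin:/bin/sync' \
    'operator2:x:1001:0::/home/operator2:/bin/bash' > "$demo_dir/passwd"
printf '%s\n' 'root:x:0:' > "$demo_dir/group"
audit_gid0 "$demo_dir/passwd" "$demo_dir/group" || true
```

Calling `audit_gid0` with no arguments audits `/etc/passwd` and `/etc/group` on the running system.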