Nutanix OS must limit the ability of nonprivileged users to grant other users direct access to the contents of their home directories/folders.

Users' home directories/folders may contain information of a sensitive nature. Nonprivileged users should coordinate any sharing of information with a system administrator (SA) through shared resources.

Verify Nutanix OS has assigned home directory of all local interactive users has a mode of "0750" or less permissive using the following command. $ ls -ld $(awk -F: '($3>=1000)&&($7 !~ /nologin/){print $6}' /etc/passwd) drwxr-x---. 3 admin admin 4096 Nov 6 2020 /home/admin drwxr-x---. 26 nutanix nutanix 4096 Aug 17 08:02 /home/nutanix If home directories referenced in "/etc/passwd" do not have a mode of "0750" or less, this is a finding.

For AOS, Prism Central, and Files, configure any interactive users home directory to have a mode of 0750 or less using the following command. $ sudo chmod 0750 [path to interactive user's home directory] For AHV, this setting is a default setting set by the vendor and is not supported to be changed in the field. If any interactive user accounts exist then something has been modified and the hypervisor OS VM must be rebuilt from source.