Articles in this section

See more

Rule Check: User Group Membership

Avatar
Tatiana
Updated
Follow

 Previous Topic

Next Topic 

Monitoring Server Configuration Security  >  Configuration Policy Rule Checks  >  User Group Membership

Rule Check: User Group Membership

The User Group Membership check determines whether the specified account is a member of exactly the listed groups, and no others. If the account is not a member of one of the listed groups, or if it is a member of a group not listed here, the check fails.

You can use this check to make sure that a given user is not a member of any group that may have higher access permissions than the user should be allowed.

ParametersDescription
User

The single account name to check. Only a single account name can be used. It cannot be a comma-delimited list of account names, or the UID, or the keyword ALL.

Some valid examples are:

  • root
  • admin
  • jsmith

Some examples that will not work:

  • root, jsmith
  • ALL
...should be in groups

The list of group names the account name should be a member of. This is a single group name or a comma-delimited list of group names. The group name must be used, not the group GID. Extra spaces are ignored

Some valid examples are:

  • root
  • wheel, admin
  • finance, company

Some examples that will not work:

  • 500
Remedial Suggestion (optional)

Optional suggestion

 

userisingroupcheck.png

 

Download the full PDF of: Monitoring Server Configuration Security

 

 

Comments

0 comments

Please sign in to leave a comment.

Powered by Zendesk