Hmm, these tests should be simply a permutation of find / -type f -nouser or -nogroup.

It appeared to me that the standard WAS specifying only files, and not directories.

If you want to be sure you're not scanning network shares, I suppose some iteration through local partitions, either as returned by mount(1) or some other magic would be necessary, but the find command is generally the same. I like the

-ignore_readdir_race fix, too.

Andrew

On Tue, Jul 23, 2013 at 11:23 AM, Gary Gapinski <gapinski@nasa.gov> wrote:

On 07/23/2013 01:17 PM, Maura Dailey wrote:
> Does anyone actually have a way to "unown" or "ungroup own" a file for
> testing purposes? I'd like to see if the uid shows up as 0 or as xsi:nil.

chown <pick some unused uid> file
chgrp <pick some unused gid> file

Regards,

Gary

_______________________________________________
scap-security-guide mailing list
scap-security-guide@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide