Rate This Document
Findability
Accuracy
Completeness
Readability

Do Not Allow Files Or Directories Without An Owner Or Owner Group

Files or directories without an owner or owner group are not allowed in the system. These files or directories are typically left behind when an original owner account is deleted but its files remain. This poses an information leakage risk, wastes disk space and system resources, and may disrupt normal service operations.

In container scenarios, because containers and hosts use different user namespaces, files inside a container may appear on the host without an owner or owner group. For a container's rootfs, the host implements corresponding protection measures. The rootfs parent directory on the host is restricted to the root user only. Consequently, such directories and files can be treated as exceptions.

Procedure

  1. Search for directories and files without an owner or owner group under the system root directory.
    find `df -l | sed -n '2,$p' | awk '{print $6}' ` -xdev -nouser 2>/dev/null
    find `df -l | sed -n '2,$p' | awk '{print $6}' ` -xdev -nogroup 2>/dev/null

    If neither command returns any output, no files or directories without an owner or owner group are found in the system. Otherwise, proceed to Step 2.

  2. Run the rm command to delete the files or directories without an owner or owner group.

    Before deletion, ensure that the files or directories are indeed unnecessary. Alternatively, use the chown command to assign the files or directories to a valid user and owner group.

    chown test1:test1 test
    rm -rf test