Verify User/Group Ownership on /etc/passwd (Scored) The /etc/passwd file contains a list of all the valid userIDs defined in the system, but not the passwords. The command below sets the owner and group of the file to root. [UID of ROOT, GID of ROOT] The /etc/passwd file needs to be protected from unauthorized changes by non-priliveged users, but needs to be readable as this information is used with many non-privileged programs. Fix: If the user and group ownership of the /etc/passwd file are incorrect, run the following command to correct them: # /bin/chown root:root /etc/passwd oval:org.secpod.oval:def:33955 SCAP Repo OVAL Definition 2016-04-19