RHEL-14439

The 'tss' account home directory '/dev/null/' causes issues for CIS 8 benchmark adherence

    • Bug
    • Resolution: Done-Errata
    • rhel-8.10
    • rhel-8.7.0
    • tpm2-tss
    • tpm2-tss-2.3.2-6.el8
    • rhel-sst-kernel-security
    • ssg_core_kernel
    • QE ack, Dev ack
    • Release Note Not Required

      Description of problem:
      ========================

      • The home directory of tss account is /dev/null
        This causes issue with CIS 8 benchmarking

      Version-Release number of selected component (if applicable):
      ========================

      • RHEL 8.x, all versions
      • This also exists in RHEL 7 and RHEL 9

      How reproducible:
      100%

      Steps to Reproduce:
      ========================

      1. Check the home directory of the tss user

      Actual results:
      ========================

      • tss user has `/dev/null` as home directory
        ~~~
        $ grep tss /etc/passwd
        tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin
        ~~~

      Expected results:
      ========================

      • It could have been `/`; `/sbin/nologin` is set anyway, but the home directory should not be `/dev/null`

      Additional info:
      ========================

      • The rationale given in the CIS 8 benchmark for this check:
        ~~~
        If the user's home directory does not exist or is unassigned, the user will be placed in "/"
        and will not be able to write any files or have local environment variables set
        ~~~
      • The benchmark uses this script, which picks up the 'tss' user and flags it as non-compliant:
        ~~~
        grep -E -v '^(halt|sync|shutdown)' /etc/passwd | awk -F: '($7 != "'"$(which nologin)"'" && $7 != "/bin/false") { print $1 " " $6 }' | while read -r user dir; do
          if [ ! -d "$dir" ]; then
            echo "The home directory ($dir) of user $user does not exist."
          fi
        done
        ~~~

      • The explanation I found is:
        ~~~
        tss account is used by the trousers package to sandbox the tcsd daemon.
        trousers RPM is part of the OS installation.
        tss account doesn't need a home directory, so the default value is /dev/null, which will not cause any issue.
        In addition, because tss account doesn't need to login to the system, it has /sbin/nologin assigned.
        ~~~
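The CIS check above, reimplemented as an added example (not code from the report or from the benchmark) and run against a constructed /etc/passwd sample. The nologin path is passed in as a parameter instead of `$(which nologin)`, which makes the failure mode visible: the script compares the shell field as a plain string, so the `/sbin/nologin` in the tss entry does not match `/usr/sbin/nologin` (the same binary on RHEL, where /sbin is a symlink to /usr/sbin), the account is not filtered out, and its `/dev/null` home then fails the directory test.

```shell
#!/bin/bash
# Added example: CIS home-directory check with the nologin path as a
# parameter, run over a constructed passwd sample (not a real host's file).

# Constructed sample; the tss line is the one quoted in the report. Homes were
# chosen so results do not depend on the host: /tmp exists, /dev/null exists
# but is a character device, /nonexistent/legacy is absent.
SAMPLE_PASSWD='halt:x:7:0:halt:/sbin:/sbin/halt
sync:x:5:0:sync:/sbin:/bin/sync
tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin
alice:x:1000:1000:Alice:/tmp:/bin/bash
legacy:x:1001:1001:Removed user:/nonexistent/legacy:/bin/bash
svc:x:990:990:Service account:/var/lib/svc:/bin/false'

# Same selection as the CIS script: drop halt/sync/shutdown, keep accounts
# whose shell is neither the given nologin path nor /bin/false. The match is
# a plain string comparison, so "/sbin/nologin" != "/usr/sbin/nologin".
interactive_accounts() {
  local passwd_file="$1" nologin_path="$2"
  grep -E -v '^(halt|sync|shutdown)' "$passwd_file" |
    awk -F: -v nologin="$nologin_path" \
      '($7 != nologin && $7 != "/bin/false") { print $1 " " $6 }'
}

# Print "user dir" for each selected account whose home is not a directory.
# /dev/null fails -d, which is why tss is reported once it passes the filter.
missing_home_dirs() {
  local passwd_file="$1" nologin_path="$2"
  interactive_accounts "$passwd_file" "$nologin_path" |
    while read -r user dir; do
      [ -d "$dir" ] || echo "$user $dir"
    done
}

# Run the check over the sample with the path `which nologin` would return.
run_sample() {
  local nologin_path="$1" tmp
  tmp="$(mktemp)"
  printf '%s\n' "$SAMPLE_PASSWD" > "$tmp"
  missing_home_dirs "$tmp" "$nologin_path"
  rm -f "$tmp"
}

run_sample /usr/sbin/nologin   # reports tss and legacy
run_sample /sbin/nologin       # reports only legacy
```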

              shoracek@redhat.com Štěpán Horáček
              rhn-support-plawate Pranav Lawate
              Štěpán Horáček
              Vilem Marsik